[Samba] mount share using kerberos ticket fails

Rowland penny rpenny at samba.org
Tue Mar 10 10:21:45 UTC 2020


On 10/03/2020 10:10, Yvan Masson via samba wrote:
> On 10/03/2020 at 10:37, Rowland penny via samba wrote:
>> On 10/03/2020 09:18, Yvan Masson via samba wrote:
>>> I think I did not properly explain my setup, sorry for that: Samba 
>>> here is not sharing anything. It is just used for joining a Windows 
>>> domain, so that users can sit on a chair in front of this Debian 
>>> computer, use their domain credentials in LightDM, and then access 
>>> their personal and shared data (that are shared by the Windows DC, 
>>> mounted locally by pam_mount).
>> Yes, telling us that would have helped.
> I used the word "workstation" in my initial post, thinking it was 
> sufficient.
>>>
>>> So, my understanding is that my setup does not require creating a 
>>> UPN and a corresponding keytab to put on this Linux client. I am 
>>> probably not completely wrong as mounting a Windows share on the 
>>> Debian computer using Kerberos now works :-).
>> No, it should work without manually creating any UPNs, SPNs or keytabs
>>>
>>> I permit myself this question again: in this setup, is it useful to 
>>> have /etc/krb5.keytab or not?
>>
>> No, you do not need the keytab, you just need the correct setup that 
>> uses the user's Kerberos ticket via PAM at login.
>>
>> Rowland
>>
> OK thanks. Any idea why mounting a share worked using one server's 
> hostname and not the other? They both resolve to the same IP.

Because if you are using pam-mount, you should be using the user's 
Kerberos ticket via PAM at login.

Rowland





