[Samba] mount share using kerberos ticket fails

L.P.H. van Belle belle at bazuin.nl
Tue Mar 10 12:14:43 UTC 2020


Hai, 

The minial is an PTR record for the server to make sure kerberos can do its job. 
Preffered A + PTR 

Any cname +kerberos auth will work with the registerd real-hostname (as long A+PTR exist) 

Thats the short version. 

I hope this helps a bit. 
(Sorry if i sounded a bit blunt) 


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Yvan 
> Masson via samba
> Verzonden: dinsdag 10 maart 2020 12:40
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] mount share using kerberos ticket fails
> 
> Le 10/03/2020 à 11:51, L.P.H. van Belle via samba a écrit :
> > 
> >> That is what I did. But it fails even when mounting manually:
> >> 1. Connect on the desktop using domain user "yvan.masson" (either
> >> graphically / TTY / SSH). Kerberos ticket is properly created.
> >> 2. Running "sudo mount -t cifs //ad.FOO.BAR.LOCAL/Echange /mnt -o
> >> user=yvan.masson,cruid=yvan.masson,sec=krb5" fails with 
> "Required key
> >> not available".
> > 
> > Offcourse, the user is not allowed to mount it. user=yvan.masson <<
> > You need to delegate the computer to do it for the user.
> > 
> > 
> >> 3. Running "sudo mount -t cifs 
> //foo-ad.FOO.BAR.LOCAL/Echange /mnt -o
> >> user=yvan.masson,cruid=yvan.masson,sec=krb5" works.
> > 
> > Offcourse, here root is allowed to mount it.
> > 
> > 
> > You know what todo and how to fix it properly.
> > 
> I did not understand this yet, but I will take time as soon as I can.
> > 
> > Greetz,
> > 
> > Louis
> > Thanks,
> Yvan
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 




More information about the samba mailing list