[Samba] mount share using kerberos ticket fails
L.P.H. van Belle
belle at bazuin.nl
Tue Mar 10 12:14:43 UTC 2020
The minial is an PTR record for the server to make sure kerberos can do its job.
Preffered A + PTR
Any cname +kerberos auth will work with the registerd real-hostname (as long A+PTR exist)
Thats the short version.
I hope this helps a bit.
(Sorry if i sounded a bit blunt)
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Yvan
> Masson via samba
> Verzonden: dinsdag 10 maart 2020 12:40
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] mount share using kerberos ticket fails
> Le 10/03/2020 à 11:51, L.P.H. van Belle via samba a écrit :
> >> That is what I did. But it fails even when mounting manually:
> >> 1. Connect on the desktop using domain user "yvan.masson" (either
> >> graphically / TTY / SSH). Kerberos ticket is properly created.
> >> 2. Running "sudo mount -t cifs //ad.FOO.BAR.LOCAL/Echange /mnt -o
> >> user=yvan.masson,cruid=yvan.masson,sec=krb5" fails with
> "Required key
> >> not available".
> > Offcourse, the user is not allowed to mount it. user=yvan.masson <<
> > You need to delegate the computer to do it for the user.
> >> 3. Running "sudo mount -t cifs
> //foo-ad.FOO.BAR.LOCAL/Echange /mnt -o
> >> user=yvan.masson,cruid=yvan.masson,sec=krb5" works.
> > Offcourse, here root is allowed to mount it.
> > You know what todo and how to fix it properly.
> I did not understand this yet, but I will take time as soon as I can.
> > Greetz,
> > Louis
> > Thanks,
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba