[Samba] Printserver after latest MS updates
Achim Gottinger
achim at ag-web.biz
Fri Oct 29 12:20:47 UTC 2021
Am 29.10.2021 um 13:11 schrieb Rowland Penny via samba:
> On Fri, 2021-10-29 at 12:59 +0200, Achim Gottinger via samba wrote:
>>>> Indeed, which raises the quetion can kerberos be used with local
>>>> account?
>>> This all depends what you mean by 'local account' if you mean an
>>> account that is in /etc/passwd, then, no it will not work, because
>>> the
>>> user would be unknown to AD and hence, kerberos.
>>>
>>> Rowland
>>>
>>>
>>>
>> Hello Rowland,
>>
>> I was talking about an local account on the windows client side.
>> Authentication against the samba server is using NTLMSSP in this
>> case. I thought the file explorer may use kerberos if an valid ticket
>> exists, which is not the case. Was just a wild guess. Kerberos only
>> works if an domain account is used to log in on the windows client.
>>
>> Achim
>>
>> https://en.wikipedia.org/wiki/Security_Support_Provider_Interface
> A 'local' user is a local user what ever the OS and as such isn't a
> domain user, so cannot use kerberos.
>
> Rowland
Well a local user can manual acquire an ticket from kerberos (kinit [spn]) and use that so for authentification.
In fact that is what i use as the "local" root user on linux if i use samba-tools.
kinit administrator@[DOMAIN REALM]
samba-tools -k [whatever]
Can it be we talk past each other here?
Achim
More information about the samba
mailing list