[Samba] Kerberos authentication issue after upgrading from 4-14-stable to 4-15-stable

Alex samba at abisoft.biz
Thu Jan 27 14:03:08 UTC 2022

>> Any ideas why?
> No, sorry, thats one i dont know, except that k5start might look in a different place which does not exist. 

I checked that - it does read the file I specified.

>> The reason to use k5start is b/c some progs can't work with 
>> keytab file directly. For example, nslcd.

> Aha..  But wait, if samba is already handle-ing it. 
> Why not this way.. 

> (example for kerberos auth in squid ) 
> kinit Administrator

> export KRB5_KTNAME=FILE:/etc/squid/HTTP-$(hostname -s).keytab

> net ads_update keytab ADD HTTP/$(hostname -f)

> chmod 640 krb5-squid-HTTP-$(hostname -s).keytab

> chown root:proxy krb5-squid-HTTP-$(hostname -s).keytab

> Adjust it to you needs for nlscd but it shows how todo it. 
> I think what will work also. 

B/c (as I said) nslcd is not able to work thru a keytab file. It only supports ready-to-use TGT:
sasl_mech       GSSAPI
krb5_ccname /tmp/krb5cc_nslcd

Best regards,

More information about the samba mailing list