[Samba] Should I be able to access shares w/o authenticating again?

Rob Campbell robcampbell08105 at gmail.com
Thu Nov 17 19:49:17 UTC 2022


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.


On Thu, Nov 17, 2022 at 2:13 PM Rob Campbell <robcampbell08105 at gmail.com>
wrote:

> I've logged into the different machines with my AD login.  Shouldn't I be
> able to just open up shares and not have to provide a password?  I thought
> my credentials would be passed and I wouldn't have to reauthenticate.
>
> gio mount smb://DC01/photos
> Authentication Required
> Enter user and password for share “photos” on “dc01”:
> User [HOME+robcampbell]:
>
> [HOME\robcampbell@f01 ~]$ smbclient //DC01/Movies -c 'ls'
> Password for [HOME\robcampbell]:
>

[HOME\robcampbell@f01 ~]$ kinit
kinit: Client 'HOMErobcampbell@HOME.ROB-CAMPBELL.LAN' not found in Kerberos database while getting initial credentials

I guess something isn't set up right?  But I'm not sure what.

cat /etc/krb5.conf
[libdefaults]
default_realm = HOME.ROB-CAMPBELL.LAN
dns_lookup_realm = false
dns_lookup_kdc = true
forwardable = yes
rdns = false
ticket_lifetime = 10h
renew_lifetime = 5d
[realms]
home.rob-campbell.lan = {
kdc = dc01.home.rob-campbell.lan
admin_server = DC01.home.rob-campbell.lan
# master_key_type = aes256-cts
# default_principal_flags = +preauth
}
HOME = {
kdc = dc01.home.rob-campbell.lan
admin_server = DC01.home.rob-campbell.lan
# master_key_type = aes256-cts
# default_principal_flags = +preauth
}

[domain_realm]
.home.rob-campbell.lan = HOME.ROB-CAMPBELL.LAN
home.rob-campbell.lan = HOME.ROB-CAMPBELL.LAN
[logging]
       kdc = FILE:/var/log/samba/krb5.log
       admin_server = FILE:/var/log/samba/mit_kadmin.log

cat /etc/samba/smb.conf
# Global parameters
[global]
server services = ldap, kdc, winbind, ntp_signd, dnsupdate, dns
security = ADS
realm = home.rob-campbell.lan
workgroup = HOME

idmap config * : range = 10000-9999999
idmap config * : backend = autorid
idmap config * : rangesize = 200000

map acl inherit = Yes
vfs objects = acl_xattr

dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = Yes
winbind enum groups = Yes
winbind enum users = Yes
; winbind separator = \

template homedir = /home/%U
template shell = /bin/bash
username map = /etc/samba/user.map

unix charset = UTF-8
log file = /var/log/samba/%m.log
log level = 3



> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In all things, Be Intentional.
>

