[Samba] Should I be able to access shares w/o authenticating again?
Rob Campbell
robcampbell08105 at gmail.com
Thu Nov 17 19:49:17 UTC 2022
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.
On Thu, Nov 17, 2022 at 2:13 PM Rob Campbell <robcampbell08105 at gmail.com>
wrote:
> I've logged into the different machines with my AD login. Shouldn't I be
> able to just open up shares and not have to provide a password? I thought
> my credentials would be passed and I wouldn't have to reauthenticate.
>
> gio mount smb://DC01/photos
> Authentication Required
> Enter user and password for share “photos” on “dc01”:
> User [HOME+robcampbell]:
>
> [HOME\robcampbell at f01 ~]$ smbclient //DC01/Movies -c 'ls'
> Password for [HOME\robcampbell]:
>
[HOME\robcampbell at f01 ~]$ kinit
kinit: Client 'HOMErobcampbell at HOME.ROB-CAMPBELL.LAN' not found in Kerberos
database while getting initial credentials
I guess something isn't set up right? But I'm not sure what.
cat /etc/krb5.conf
[libdefaults]
default_realm = HOME.ROB-CAMPBELL.LAN
dns_lookup_realm = false
dns_lookup_kdc = true
forwardable = yes
rdns = false
ticket_lifetime = 10h
renew_lifetime = 5d
[realms]
home.rob-campbell.lan = {
kdc = dc01.home.rob-campbell.lan
admin_server = DC01.home.rob-campbell.lan
# master_key_type = aes256-cts
# default_principal_flags = +preauth
}
HOME = {
kdc = dc01.home.rob-campbell.lan
admin_server = DC01.home.rob-campbell.lan
# master_key_type = aes256-cts
# default_principal_flags = +preauth
}
[domain_realm]
.home.rob-campbell.lan = HOME.ROB-CAMPBELL.LAN
home.rob-campbell.lan = HOME.ROB-CAMPBELL.LAN
[logging]
kdc = FILE:/var/log/samba/krb5.log
admin_server = FILE:/var/log/samba/mit_kadmin.log
cat /etc/samba/smb.conf
# Global parameters
[global]
server services = ldap, kdc, winbind, ntp_signd, dnsupdate, dns
security = ADS
realm = home.rob-campbell.lan
workgroup = HOME
idmap config * : range = 10000-9999999
idmap config * : backend = autorid
idmap config * : rangesize = 200000
map acl inherit = Yes
vfs objects = acl_xattr
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = Yes
winbind enum groups = Yes
winbind enum users = Yes
; winbind separator = \
template homedir = /home/%U
template shell = /bin/bash
username map = /etc/samba/user.map
unix charset = UTF-8
log file = /var/log/samba/%m.log
log level = 3
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In all things, Be Intentional.
>
More information about the samba
mailing list