[Samba] Is LDAP + Kerberos without Active Directory no longer supported?
Daniel Lakeland
dlakelan at street-artists.org
Thu Apr 13 22:55:37 UTC 2023
Ok after installing libpam-winbind etc I had someone try to connect from
a MacOS and they got:
[2023/04/13 15:50:50.002773, 1]
../../source3/auth/auth_generic.c:211(auth3_generate_session_info_pac)
auth3_generate_session_info_pac: Unexpected PAC for
[testuser at OURREALM.REALM] in standalone mode - NT_STATUS_BAD_TOKEN_TYPE
[2023/04/13 15:50:50.002891, 3]
../../source3/smbd/smb2_server.c:3961(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_BAD_TOKEN_TYPE] || at
../../source3/smbd/smb2_sesssetup.c:147
[2023/04/13 15:50:59.914944, 3]
../../source3/smbd/server_exit.c:229(exit_server_common)
Server exit (NT_STATUS_END_OF_FILE)
So it looks like her mac tried to use her Kerberos identity but the
Samba daemon didn't like that because "in standalone mode"
the samba settings during this test were:
security = user
realm = OURREALM.REALM
kerberos method = system keytab
server role = standalone server
More information about the samba
mailing list