[Samba] Is LDAP + Kerberos without Active Directory no longer supported?

Daniel Lakeland dlakelan at street-artists.org
Thu Apr 13 22:55:37 UTC 2023

Ok after installing libpam-winbind etc I had someone try to connect from 
a MacOS and they got:

[2023/04/13 15:50:50.002773,  1] 
   auth3_generate_session_info_pac: Unexpected PAC for 
[testuser at OURREALM.REALM] in standalone mode - NT_STATUS_BAD_TOKEN_TYPE
[2023/04/13 15:50:50.002891,  3] 
   smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
[2023/04/13 15:50:59.914944,  3] 
   Server exit (NT_STATUS_END_OF_FILE)

So it looks like her mac tried to use her Kerberos identity but the 
Samba daemon didn't like that because "in standalone mode"

the samba settings during this test were:

security = user
kerberos method = system keytab

server role = standalone server

More information about the samba mailing list