Samba 3.0 won't work with smbclient using Kerberos.
Andrew Bartlett
abartlet at pcug.org.au
Fri May 17 02:36:02 GMT 2002
P Ranjit Kumar wrote:
>
> Hi
>
> I am trying to get smbclient to work with Samba 3.0 server. Samba 3.0 server
> joined a Win2k Native domain successfully.
> Interestingly, I made and account on the KDC for the unix machine (using
> ktpass) and specified enc type DES-CBC-MD5, which is used by smbclient. Also
> I checked that the encryption type is MD5 for the TGT.
You must join the domain with 'net join'. Set 'security=ads' in your
smb.conf.
Becouse samba must also use legacy RPC protocols for NT4 connections,
and becouse of differences in case sensitivity in the MIT/MS
implementations, Samba does not use a predefined keytab, but stores the
plaintext password, creating the 'keys' in memory.
As such there isn't an /etc/krb5.keytab on a normal samba ADS member.
We need an option 'krb5 keytab write = ' (defaulting to
/etc/krb5.keytab) to allow unix servers compatibilty here, but I havn't
got a chance to writing it yet. (Patches are more than welcome).
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical
mailing list