kerberos configuration for Samba Server
Basil Copeland
blcjr2 at gmail.com
Fri May 6 13:07:35 UTC 2005
>From the looks of the result you get with klist, it does look like
you've got a ticket from the KDC. Some more things you can do to
check on things:
1. On the FC (samba server) machine, try these commands
wbinfo -t
wbinfo -u
getent passwd
The first should return "checking the trust secret via RPC calls
succeeded"; the second should enumerate a list of user and machine
accounts from the Windows server; and the third should show an
integrated passwd listing with the accounts from the Windows server
appended to the end of the Linux accounts you would see in the normal
/etc/passwd file.
2. If you used a domain administrator account (i.e. in the Active
Directory domain) to get the ticket for your Samba server, then you
should be able to connect to the administrative shares on the Active
Directory domain controller using smbclient without a password. In
other words, something like
smbclient //ADserver/c$
should immediately drop you to an smbclient prompt without prompting
you further for a password. If that happens, you know your kerberos
is working, i.e. you got authenticated on the basis of your kerberos
ticket.
More information about the fedora-list
mailing list