openSUSE 12.1, Samba 3.61 joined to Samba 4 Domain /etc/samba/smb.conf on the Linux client is as follows: workgroup = CACTUS realm = HH3.SITE security = ADS use kerberos keytab = true testparm tells me it is ignoring the 'use kerberos keytab = true' entry. Linux users can logon fine, kinit and getent password work. The Samba 4 logs show that kerberos has authenticated the user. Users can create files under Linux with the correct permissions, which can then be edited on a Windows 7 client. Their /home folders are mounted via kerberized NFSv4. Using konqueror with smb:// allows users to browse the Samba 4 shares and prompts for a password when entering a folder which is not their own. Entering the password for the other folder allows them to manipulate files in that folder. However, they cannot manipulate files in their own folder even though it seems as though kerberos has authenticated them, by not asking for a password. Without the 'use kerberos keytab = true' entry, there is no password prompting and the user gets access denied messages when trying to access *any* share from Samba 4, including his own, as before. Questions 1. Is the entry 'use kerberos keytab = true' is having any effect? 2. Why is the user who is logged on getting access denied errors under the smb:// protocol? 3. Is this a clash between NFS and CIFS? Any help gratefully received. Thanks, Steve
On Sun, Jan 8, 2012 at 8:43 AM, steve <steve at steve-ss.com> wrote:> openSUSE 12.1, Samba 3.61 joined to Samba 4 Domain > > /etc/samba/smb.conf on the Linux client is as follows: > > workgroup = CACTUS > realm = HH3.SITE > security = ADS > use kerberos keytab = true > > testparm tells me it is ignoring the 'use kerberos keytab = true' entry.It should be, it's been replaced quite some time ago by "kerberos keytab method".> > Linux users can logon fine, kinit and getent password work. The Samba 4 logs > show that kerberos has authenticated the user. Users can create files under > Linux with the correct permissions, which can then be edited on a Windows 7 > client. Their /home folders are mounted via kerberized NFSv4. > Without the 'use kerberos keytab = true' entry, there is no password > prompting and the user gets access denied messages when trying to access > *any* share from Samba 4, including his own, as before. > > Questions > 1. Is the entry 'use kerberos keytab = true' is having any effect?Seems like it is based on your description, but it _shouldn't be". I'd check for stray libsmbclient so's. -- Jim McDonough Samba Team SUSE labs jmcd at samba dot org jmcd at themcdonoughs dot org