On Fri, 2021-10-29 at 12:59 +0200, Achim Gottinger via samba
wrote:> > > Indeed, which raises the quetion can kerberos be used with local
> > > account?
> > This all depends what you mean by 'local account' if you mean
an
> > account that is in /etc/passwd, then, no it will not work, because
> > the
> > user would be unknown to AD and hence, kerberos.
> >
> > Rowland
> >
> >
> >
> Hello Rowland,
>
> I was talking about an local account on the windows client side.
> Authentication against the samba server is using NTLMSSP in this
> case. I thought the file explorer may use kerberos if an valid ticket
> exists, which is not the case. Was just a wild guess. Kerberos only
> works if an domain account is used to log in on the windows client.
>
> Achim
>
> https://en.wikipedia.org/wiki/Security_Support_Provider_Interface
A 'local' user is a local user what ever the OS and as such isn't a
domain user, so cannot use kerberos.
Rowland