> This specific instance is intended to host shares for which users > authenticate with their AD credentials, the normal authentication for > the system works fine and so does joining the domain. As mentioned > earlier initializing kinit and wbinfo returns the expected results and > the server shows up as a member in AD.
I'm a bit confused about what you had to do with kinit, keytabs and Kerberos, because we've never touched anything to do with Kerberos and people can log on to our domain and browse the shares on our Samba servers with the AD username passed through (i.e. no separate log on to Samba.) It sounds like this is what you're trying to achieve. We just joined each Samba machine to the domain ("net ads join") and it worked straight away. The first time I did this a few years ago I messed around with the Kerberos stuff before realising that apparently it's not necessary... Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba