> > How can I obtain a krb5 ticket for the computer account? > > > > Hi Mustafa, > > To be able to check out a ticket in that way you need to set > userprincipialname on the computeraccount. I do that when I join with: > > # net ads join createupn="host/hostname.domain....@domain.tld" > > I then create a keytab file: > > # net ads keytab create > > Andreas, thanks, this helped me get a Kerberos ticket. In specific, added use kerberos keytab = yes into /etc/smb.conf and restarted winbind.
However, "mount" is still not aware of the ticket. Here is the output: [DOMAIN\computercomputer ~]$ sudo kinit -V -5 -k -t /etc/krb5.keytab compute...@domain.com Authenticated to Kerberos v5 [DOMAIN\computercomputer ~]$ sudo klist -5 Ticket cache: FILE:/tmp/krb5cc_0 Default principal: compute...@domain.com Valid starting Expires Service principal 11/11/10 14:10:42 11/12/10 00:08:44 krbtgt/domain....@domain.com renew until 11/12/10 14:10:42 [DOMAIN\computercomputer ~]$ sudo mount -t cifs -o user=DOMAIN\\COMPUTER\$,sec=krb5 //remotehost/remoteshare /mnt/localmount mount error(126): Required key not available Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) [DOMAIN\computercomputer ~]$ sudo mount -t cifs -o sec=krb5 //remotehost/remoteshare /mnt/localmount mount error(126): Required key not available Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) Any ideas on how to debug this further? Regards, Mustafa -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba