I had a hell of a time trying to figure out why after upgrading the CentOS Samba package the samba shares quit working. Every time someone tried to access the share, the smb service would crash. I had this system configured to use active directory credentials and it worked well for a time, but no longer.
After much digging I found my problem to be the lack of a krb5.keytab file. This is due to my using PowerBroker Open instead of kerberos for authentication.
The solution was to add this line to my samba config:
kerberos method = system keytab
That one bit made all the difference. My current samba config is as follows with no more crashing: (Updated 8/29 to add workgroup name)
[global] security = ADS passdb backend = tdbsam realm = DOMAIN workgroup = NETBIOS_DOMAIN_NAME encrypt passwords = yes lanman auth = no ntlm auth = no kerberos method = system keytab obey pam restrictions = yes winbind enum users = yes winbind enum groups = yes
Update 8/29/2018: After updating and rebooting my smb service refused to start. It kept giving this very unhelpful message:
../source3/auth/auth_util.c:1399(make_new_session_info_guest) create_local_token failed: NT_STATUS_NO_MEMORY ../source3/smbd/server.c:2011(main) ERROR: failed to setup guest info. smb.service: main process exited, code=exited, status=255/n/a Failed to start Samba SMB Daemon.
I couldn’t find any documentation on this and eventually resorted to just messing around with my smb.conf file. What fixed it was adding this to my configuration:
workgroup = NETBIOS_DOMAIN_NAME
Replacing NETBIOS_DOMAIN_NAME with the old NetBIOS style domain name (what you would put in the domain part of domain\username for logging in) for my company. It worked!
4 thoughts on “Linux Samba shares using Kerberos / AD credentials”
workgroup = NETBIOS_DOMAIN_NAME recommendation saved me from launching 24-inch monitor into the atmosphere…. THANK YOU!!!!!!
Haha I’m glad I was able to spare your monitor’s life!
Same here !
Thank you so much !
Glad I can help!