Use Files to access SMB shares using active kerberos ticket
- Verify that your Active Directory domain access works. If you don't have an Active Directory domain, you can set one up.
- Obtain kerberos ticket either using Online Accounts or manually via kinit (see the test case with no krb5.conf)
- Verify having active kerberos ticket by calling
- Setup file sharing on the Windows machine, e.g follow these steps for Windows 2008 Server:
- Run Windows Explorer
- Create a folder somewhere (e.g. C:\testfolder)
- Create a test file in that folder (e.g. C:\testfolder\testfile.txt)
- Go in the parent directory, right click on the folder, select Share with -> Specific people...
- Use "Find people..." combo box item to specify users you want to grant access
- Set Read/Write permissions for the added user
- Click the Share button, notice the share address when operation completes
How to test
- In Gnome session, open Files (Nautilus)
- Navigate to the Windows share, either using Connect to Server dialog or manually by entering URI in the following format:
- Test if you can read (and write if you allowed it on the server) various files, performing standard file management tasks
- No password prompt should be presented, GVfs should automatically pick active kerberos ticket.
If you get password prompt or any kind of error during login, verify that console smbclient fails the same way. Use the following command to get interactive commandline access:
$ smbclient -k -U testuser '\\server\share\'
quit to quit smbclient.
If smbclient login works, please file a bug against gvfs, otherwise please check server configuration.
For hardcore debugging, use the following command to get gvfsd-smb messages and attach them to the bugreport please:
$ GVFS_DEBUG=1 GVFS_SMB_DEBUG=99 /usr/libexec/gvfsd -r