Authenticate samba share to active directory

I have joined a server running Rocky 8.7 to a domain using realm. I am able to login locally, ssh and sudo using a active directory account. I have some samba shares I can access with a local account. How do I access the samba shares and authenticate to active directory?

It’s been a long while since I’ve tried this, so my information/knowledge may be a bit off. As far as I know, there’s a couple ways to do it. Though first what I would verify is you can run smbclient -L //domain/share -m SMB3 -k and see if you get results back for your share.

As for the ways to mount it with your AD credentials, you can use the kerberos ticket you get when logging in with an AD user (check klist) or you can specify the credentials needed in /root/.credfile, which mount should hopefully pick up.

To do the former, you can try to do something like:

sudo mount -t cifs -o _netdev,user=yourusername,cruid=yourusername,sec=krb5 //domain/path /where/to/mount

For the /root/.credfile, it would look like this:


The mount command would be something like this, adding in other options as you need.

sudo mount -t cifs -o _netdev,credentials=/root/.credfile //domain/path /where/to/mount

Optionally, you can you can add gid=...,uid=... if you want it to owned completely by your user and no one else on the system. You can also set dir_mode and file_mode.