Prerequisites for Connecting to Samba Filesystem

1. Install Remote Agent

2. Create .Conf Files

  1. Access the C:\Program Files\Metric Insights\Remote Agent\thirdparty\ directory on the Windows server
  2. Create a new folder kerberos-config inside this directory
  3. Within the new folder, create the following two files:

krb5.conf:

[libdefaults]
    default_realm = MI.LOCAL
    dns_lookup_kdc = false
    dns_lookup_realm = false
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
    allow_weak_crypto = true
[realms]
    MI.LOCAL = {
        kdc = 1.1.1.1
        admin_server = 1.1.1.1
    }
[domain_realm]
    .example.mi.local = MI.LOCAL
    example.mi.local = MI.LOCAL
[logging]
    kdc = FILE=/var/log/krb5kdc.log
    admin_server = FILE=/var/log/kadmind.log
    default = FILE=/var/log/krb5lib.log
  • Replace MI.LOCAL with the Kerberos realm used by your organization.
  • Assign kdc and admin_server  with the hostname or IP address of your Key Distribution Center (KDC) and admin server.
  • Replace .example.mi.local and example.mi.local with the domain name of your SMB server.

login.conf:

 KerberosLogin {
    com.sun.security.auth.module.Krb5LoginModule required
    useTicketCache=true
    doNotPrompt=true
    debug=true
    renewTGT=true;
};
  1. Save both files in the kerberos-config directory

3. Generate Kerberos Ticket

Use the following command to generate a Kerberos ticket:

kinit username

NOTE: Replace username with the actual username.

4. Ensure That RDP Login Matches Kerberos Authenticated User

To ensure Kerberos authentication is successful, the Windows service account running the Remote Agent must match the user that generated the Kerberos ticket.

  1. Open the Windows Services console and locate the Metric Insights Remote Agent daemon. Right-click the service and choose Properties
  2. Access the Log On tab
  3. Set the Log On account to the same user who ran the kinit command

Restart the service to apply the changes.