We have a SSO/SAML enabled nextcloud.
We are using external storage to map SMB/CIFS share.
The only way I can get smb share working is, if I enable the “Log-in Credentials, save in database” authentication option.
But this is not a safe approach and has security concerns around it.
Is there any other way by which we can use kerberos tickets for authentication?
I.e. so the users don’t have to enter the credentials to access the SMB share and the credentials are not stored on the server?
Good day! Did anyone get to work?
In my case, LDAP works successfully, made friends with authorization through Kerberos (LDAP accounts matched successfully with REMOTE_USER only after lowering REALM in lowercase)
The most important thing left is to open the SMB folder as an authorized user
But it’s not clear what is meant by Kerberos ticket, as I understand it, when Kerberos is configured, the browser delegates who I am to the web server, then the ticket should already appear