>From the looks of the result you get with klist, it does look like you've got a ticket from the KDC. Some more things you can do to check on things: 1. On the FC (samba server) machine, try these commands wbinfo -t wbinfo -u getent passwd The first should return "checking the trust secret via RPC calls succeeded"; the second should enumerate a list of user and machine accounts from the Windows server; and the third should show an integrated passwd listing with the accounts from the Windows server appended to the end of the Linux accounts you would see in the normal /etc/passwd file. 2. If you used a domain administrator account (i.e. in the Active Directory domain) to get the ticket for your Samba server, then you should be able to connect to the administrative shares on the Active Directory domain controller using smbclient without a password. In other words, something like smbclient //ADserver/c$ should immediately drop you to an smbclient prompt without prompting you further for a password. If that happens, you know your kerberos is working, i.e. you got authenticated on the basis of your kerberos ticket.
