Even if a user has kerberos credentials, libsmbclient and our libsmb apps do not use them, instead always using NTLM/NTLMSSP and always prompting. We should detect the user having kerberos credentials, and the server supporting them.
Alex Larsson and Nate Nielsen developed some patches to enable kerberos in libsmbclient, adding some flags that allow a client application to set kerberos authentication and disable the problematic anonymous login fallback, as 'smbclient' does with the '-k' option (see bug 2092). Enabling kerberos is necessary if you want a Linux client to browse Windows shares in SSO mode in an AD domain (for example using the Nautilus browser). Moreover, I think that the authentication callback mechanism in libsmb should be revised in order to accommodate kerberos authentication, without adding complexity to the application logic. For instance, in the "find_server" function in libsmbclient the "auth_fn" function is called as a side effect of a cache miss. Maybe the "auth_fn" call should be moved to the main session setup flow in the "smb_server" function.
Andrea, where are those patches? I've written code to fix the problem, but my code doesn't disable the anonymous login fallback, or fix cli_full_connection(). Before I make a patch, I'd like to find patches by more experienced Samba hackers on this problem.
Some changes were made a few versions ago, to allow use of kerberos. Enable kerberos with:

    context->flags |= SMB_CTX_FLAG_USE_KERBEROS

If this does not resolve your issue, please re-open this bug with additional details.
Sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.