[Samba] Exporting keytab with samba-tool
Michael Tokarev
mjt at tls.msk.ru
Sun Feb 27 07:08:20 UTC 2022
Hi!
I'm aware for the wiki page about the subject, this one:
https://wiki.samba.org/index.php/Generating_Keytabs
I even added comments to this page, to the "Discussion"
section.
How to actually export keytab for a given principal?
Be it samba-tool or something else?
I weren't able to export any enctypes besides RC4-HMAC.
Even if this enctype is explicitly *disabled* for the principal,
by net ads enctypes set command.
The generated keytab entry is about 40 bytes long (together
with the principal name).
While the real keytab generated by samba when joining domain
is significantly larger, contains all enctypes and all
principals.
Thanks,
/mjt
More information about the samba
mailing list