question about service principals (samba4)
Michael Wood
esiotrot at gmail.com
Sat Sep 25 12:21:46 MDT 2010
On 24 September 2010 15:52, Aaron Solochek <aarons-samba at aberrant.org> wrote:
> On 09/24/2010 01:13 AM, Andrew Bartlett wrote:
>> On Thu, 2010-09-23 at 12:48 -0400, Aaron Solochek wrote:
>>
>>> Ok, well I did manage to get the host/foo keys by writing a shell script to
>>> filter the net export keytab file down to what I wanted, then using ktutil from
>>> heimdal to rename the FOO$ to host/foo, and gssapi key exchange for ssh now works.
>>
>> Now you just need to set the krb5keytab and servicePrinicpalName
>> attributes in secrets.ldb, and we will handle the rest.
>>
>> It would be good if you can test it, using the current tree.
>
> I have no idea how to do anything with the ldb files other than dump them with
> tdbdump. [...]
You can search/modify/etc. the ldb files similarly to LDAP using
ldbsearch instead of ldapsearch, ldbmodify instead of ldapmodify etc.
Try also:
# ldbedit -H /usr/local/samba/private/secrets.ldb
'(servicePrincipalName=*)' servicePrincipalName
Not sure about krb5keytab, though. I don't see any attributes like
that in my secrets.ldb.
If it's supposed to be privateKeytab, then you could use this:
ldbedit -H secrets.ldb '(|(servicePrincipalName=*)(privateKeytab=*))'
servicePrincipalName privateKeytab
--
Michael Wood <esiotrot at gmail.com>
More information about the samba-technical
mailing list