samba-tool does not use kerberos ticket
Andrew Bartlett
abartlet at samba.org
Fri Sep 19 21:45:46 MDT 2014
On Fri, 2014-09-19 at 11:54 +0200, steve wrote:
> On 19/09/14 11:35, Alexis wrote:
> > Hello,
> >
> > I use samba 4-1.12 as an AD on a opensuse13.1 server.
> > I use to setup a keberos ticket with
> > kinit administrator -k -t /usr/local/samba/private/administrator.keytab
> > and klist -l on opensuse13.1 give:
> > Principal name Cache name
> > -------------- ----------
> > administrator at XXX.XX.XX DIR::/run/user/0/krb5cc/tktiNk96S
> >
> >
> > but for example samba-tool dns serverinfo <server> will ask me password
> > instead of using this kerberos ticket.
> >
> > There was not such an issue when running samba in opensuse12.3 and I wonder
> > if this is due to user.slice service which was had in openssue13.1 but I
> > don't know where to go from here.
> >
> > Maybe some of you had any clue to help me debug this issue.
> >
> > Thank you.
> >
> Hi
> Just add:
> default_ccache_name = /tmp/krb5cc_%{uid}
> to [libdefaults]
> in /etc/krb5.conf
> and forget about systemd.
> Works here on 13.1
> HTH,
> Steve
I hope to fix this if I can manage to upgrade our internal Heimdal
version. I'm currently having some difficulty with that, but modern
Heimdal supports DIR: caches.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list