[Samba] HOW-TO (mini): Samba in an ADS environment

Andrew Bartlett abartlet at samba.org
Sat May 1 00:34:21 GMT 2004

On Sat, 2004-05-01 at 04:29, Bob Rasey wrote:
> Hi Mark,
> On Fri, Apr 30, 2004 at 07:40:52PM +0200, Mark Proehl wrote:
> > 
> > I read your mini howto. You suggest to delete /etc/krb5.keytab. But this file 
> > is needed by other kerberized services on the unix server, eg. sshd. 
> > 
> > Is it possible to use the same keytab file for samba and the other services?
> > 
> > What happens to other kerberized services if samba changes the server key?
> I'm no Samba expert, but my understanding of how I've set this system
> up is that authentication on the Linux side happens via Winbind, and
> Winbind uses the keytab generated by Samba when you "net ads join".
> The end of chapter 21 in the official Samba HOW-TO discusses
> leveraging Winbind for authenticating services other than Samba.

Patches are being proposed on the samba-technical list to allow Samba to
work with and update the system keytab.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040501/b818ad33/attachment.bin

More information about the samba mailing list