[Samba] Urgent... winbind and keytab file creation
Oliver Weinmann
oliver.weinmann at vega.de
Wed Apr 2 09:47:18 GMT 2008
not yet? does it create a keytab file?
i tested the same thing on rhel4 with MIT kerberos and here it creates the krb5.keytab file under /etc/krb5.keytab i then linked it to /etc/krb5/krb5.keytab and now i can see all the keys with klist -k, but i can't use them:
[root at rhel4wbtest2 etc]# klist -k
Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
2 host/rhel4wbtest2.vegagroup.net at VEGAGROUP.NET
2 host/rhel4wbtest2.vegagroup.net at VEGAGROUP.NET
2 host/rhel4wbtest2.vegagroup.net at VEGAGROUP.NET
2 host/RHEL4WBTEST2 at VEGAGROUP.NET
2 host/RHEL4WBTEST2 at VEGAGROUP.NET
2 host/RHEL4WBTEST2 at VEGAGROUP.NET
2 RHEL4WBTEST2$@VEGAGROUP.NET
2 RHEL4WBTEST2$@VEGAGROUP.NET
2 RHEL4WBTEST2$@VEGAGROUP.NET
[root at rhel4wbtest2 etc]# kinit -k host/rhel4wbtest2.vegagroup.net
kinit(v5): Cannot find KDC for requested realm while getting initial credentials
-----Original Message-----
From: Guenther Deschner [mailto:gd at samba.org]
Sent: 02 April 2008 11:39
To: Oliver Weinmann
Cc: samba at lists.samba.org
Subject: Re: [Samba] Urgent... winbind and keytab file creation
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Oliver Weinmann wrote:
> Hi,
>
> I'm running winbind (3.0.28a) on SLES9 with heimdal Kerberos. Everything works fine so far. Now i need to have the host keytab generated by winbind to be in the default /etc/krb5/krb5.keytab in order to use nfs with kerberos security. The problem is i have set the parameter in smb.conf:
>
> use kerberos keytabe = true
>
> and as mentioned in man smb.conf i have set in krb5.conf
>
> default_keytab_name = FILE:/etc/krb5/krb5.keytab
>
> after a "net join ads" the krb5.keytab file is not created? do i have to create it myself? Is this not really implemented? What am I doing wrong?
Have you tried "net ads keytab create" ?
Guenther
- --
Günther Deschner GPG-ID: 8EE11688
Red Hat gdeschner at redhat.com
Samba Team gd at samba.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFH81Q/SOk3aI7hFogRAo9oAJ9olnYtnTFteNgF6jVpK/xdh9be8gCeNHVP
WjEvra9U//Tj25Y8hFjnDwg=
=peli
-----END PGP SIGNATURE-----
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email ______________________________________________________________________
More information about the samba
mailing list