[Samba] Samba4 and keytabs

Jussi Vainionpää jussinsambalist at vainionpaa.net
Mon May 3 09:33:32 MDT 2010


I installed Samba4 according to the HOWTO. The provisioning created a 
user (dns) and a keytab for DNS updates, but the service principal in 
the keytab seems to be wrong for me (the domain name instead of 

What would be the correct way of changing / adding service principals 
associated with a user and re-generating the keytab?

I got the dns updates working by adding a new user with ADUC and 
creating the keytab with ktpass on a windows machine joined to the 
domain, but that seems unnecessarily complicated and results in a keytab 
with different encryption methods compared to the one created by provision.

Besides dns, service principals and keytabs are needed also for a bunch 
of other services (imap, smtp, http); would the same methods apply?

More information about the samba mailing list