[Samba] Samba4 and keytabs

Michael Wood esiotrot at gmail.com
Mon May 3 12:45:36 MDT 2010

On 3 May 2010 17:33, Jussi Vainionpää <jussinsambalist at vainionpaa.net> wrote:
> Hello,
> I installed Samba4 according to the HOWTO. The provisioning created a user
> (dns) and a keytab for DNS updates, but the service principal in the keytab
> seems to be wrong for me (the domain name instead of ns1.domainname).
> What would be the correct way of changing / adding service principals
> associated with a user and re-generating the keytab?
> I got the dns updates working by adding a new user with ADUC and creating
> the keytab with ktpass on a windows machine joined to the domain, but that
> seems unnecessarily complicated and results in a keytab with different
> encryption methods compared to the one created by provision.
> Besides dns, service principals and keytabs are needed also for a bunch of
> other services (imap, smtp, http); would the same methods apply?

It looks like the source4/setup/spn_update_list file contains the list
of principles.

I haven't dug around enough to know what the proper way is to do what you need.

I suspect you will get more help with this on the samba-technical list.

Michael Wood <esiotrot at gmail.com>

More information about the samba mailing list