[Samba] krb ticket for the computer account
Andreas Dan Larsson
andreas.d.larsson at axis.com
Thu Nov 11 01:37:16 MST 2010
> [DOMAIN\computercomputer ~]$ klist -5
> klist: No credentials cache found (ticket cache
> [DOMAIN\computercomputer ~]$ kinit -5 computer\$@domain.com
> Password for firstname.lastname@example.org:
> As you know, computer account passwords are not supposed to be entered by
> users under normal circumstances.
> How can I obtain a krb5 ticket for the computer account?
To be able to check out a ticket in that way you need to set userPrincipalName on the computer account. I do that when I join with:
# net ads join createupn="host/hostname.domain.tld@DOMAIN.TLD"
I then create a keytab file:
# net ads keytab create
You don't need a userPrincipalName to have a keytab, but you have to have the UPN set if you want to check out a ticket from a keytab to a ccache.
There are some options in smb.conf about Kerberos keytab that I guess you want to use.
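
The last step the reply describes, checking out a ticket from the keytab into a ccache, as an added example that is not part of the original post. It assumes MIT Kerberos client tools (kinit -k -t, klist -k) and a keytab at /etc/krb5.keytab; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: get a TGT for the machine principal from the keytab,
# so nobody has to type the computer account password.
# Assumptions: MIT Kerberos client tools; the keytab path below.
# The keytab holds the machine account's long-term key: keep it
# readable by root only.
KEYTAB="${KEYTAB:-/etc/krb5.keytab}"

# Build the UPN in the form passed to createupn: host/<fqdn>@<REALM>.
# Lower-casing the host and upper-casing the realm is a convention
# assumed here; the result must match the UPN set at join time.
machine_upn() {
    fqdn=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    realm=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    printf 'host/%s@%s\n' "$fqdn" "$realm"
}

# Succeed only if the keytab lists a key for the given principal.
# "klist -k" prints "<kvno> <principal>" rows after a short header.
keytab_has_principal() {
    klist -k "$KEYTAB" 2>/dev/null |
        awk -v p="$1" '$2 == p { found = 1 } END { exit !found }'
}

# Request a TGT using the keytab key instead of a password prompt.
machine_kinit() {
    upn=$(machine_upn "$1" "$2")
    if ! keytab_has_principal "$upn"; then
        echo "no key for $upn in $KEYTAB (run 'net ads keytab create')" >&2
        return 1
    fi
    kinit -k -t "$KEYTAB" "$upn"
}

# Usage, as root, after the join and keytab creation shown above:
#   machine_kinit hostname.domain.tld DOMAIN.TLD && klist
```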