[Samba] Samba 4 howto add nfs to krb5.keytab
Gémes Géza
geza at kzsdabas.hu
Sat Dec 31 05:01:42 MST 2011
2011-12-31 02:36 keltezéssel, steve írta:
> What's the syntax?
>
> I've tried:
> samba-tool spn add nfs/HH3.SITE Administrator
>
> which seems to work, but where do I go from here?
>
> THanks,
> Steve
>
First:
I wouldn't add an nfs spn for the Administrator account, instead would
create a separate account (e.g. nfs) for it: samba-tool user create ....
Second:
After having the user created ensure that it has des enctypes (nfs is
only accepting des-cbc-crc) (IMHO from windows mmc would be the easiest)
Third:
Change the password of the account
Fourth:
Do the spn stuff
Fifth:
Export a keytab for the spn: samba-tool domain exportkeytab
/path/to/the/keytab --principal=The_SPN_You_Have_Created
Sixth:
With (I use heimdal, for MIT it could be different) ktutil delete all
the enctypes from the created keytab EXCEPT des-cbc-crc.
Seventh:
Copy/Move the keytab to where your nfs server/library is expecting it to
be found.
Regards
Geza
More information about the samba
mailing list