[Samba] Samba 4 krb5.keytab confusion
Michael Wood
esiotrot at gmail.com
Mon Jan 9 05:50:10 MST 2012
On 9 January 2012 14:30, steve <steve at steve-ss.com> wrote:
> On 09/01/12 12:12, Michael Wood wrote:
>>
>> On 9 January 2012 12:56, steve<steve at steve-ss.com> wrote:
[...]
>>> Hi
>>> Rename the keytab, touch /etc/krb5.keytab to start with a blank keytab
>>> and
>>> add only the nfs principal? What about all the other stuff about cifs and
>>> host that are in there. Are they not needed?
>>
>>
>> "samba-tool domain exportkeytab" creates a new keytab file, so no need
>> to create an empty file. i.e. you would not be "adding" only the NFS
>> principal. You would be creating a new keytab file with only the NFS
>> principal in it.
>>
>> As for the other things in the keytab, I can't say off hand whether or
>> not you need them, but I suspect not.
>
> Hi Michael
> I moved the old keytab just to be sure, made a user for nfs, as Geza
> suggested on list, recreated the keytab and added nfs to it:
>
> samba-tool user add nfs-service-account
> samba-tool spn add nfs nfs-service-account
>
> samba-tool domain exportkeytab /etc/krb5.keytab --principal=nfs/HH3.SITE
>
> I now have a brand new shiny keytab! Thanks so much for your help.
No problem.
--
Michael Wood <esiotrot at gmail.com>
More information about the samba
mailing list