[Samba] Samba 4 kerberos and kinit

steve steve at steve-ss.com
Thu Jan 12 02:58:49 MST 2012


On 12/01/12 06:15, Gémes Géza wrote:
> On 2012-01-11 23:48, steve wrote:
>> Hi
>> After starting Samba 4, before anyone can do anything, Administrator
>> has to do a kinit to get a new ticket. This creates a cache
>> /tmp/krb5cc_0 with an expiry time.
>>
>> I've created a host principal and put it into the keytab:
>> samba-tool spn add host someuser
>> samba-tool domain exportkeytab /etc/krb5.keytab --principal=host/HH3.SITE
>>
>> How can I keep Samba 4 up without having to get a new Administrator
>> ticket every 10 hours?
>>
>> Thanks,
>> Steve
>>
>>
> That looks really strange.
>
> Could you send your smb.conf and
> the output from ls -R /path/to/your/samba4/installation (assuming you
> aren't using some prepackaged version, but you've done a classic
> configure, make, make install).
>
> I've cc-ed samba-technical.
>
> Regards
>
> Geza
Hi Geza and thanks for the cc to s-technical. I still don't dare join.

I think that this is because I need the cache because I have added 
rfc2307 attributes to the Samba4 LDAP and am using nslcd to map users.

cat /usr/local/samba/etc/smb.conf
# Global parameters
[global]
     server role = domain controller
     workgroup = CACTUS
     realm = hh3.site
     netbios name = HH3
     passdb backend = samba4
     template shell = /bin/bash

[netlogon]
     path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
     read only = No

[sysvol]
     path = /usr/local/samba/var/locks/sysvol
     read only = No

[home]
     path = /home/CACTUS
     read only = No

[profiles]
     path = /home/CACTUS/profiles
     read only = no


grep -v "#" /etc/nslcd.conf
uid root
gid root
uri ldap://127.0.0.1/
base dc=hh3,dc=site
binddn cn=Administrator,cn=Users,dc=hh3,dc=site
bindpw 123 at Abcd
map    passwd uid              sAMAccountName
map    passwd homeDirectory    unixHomeDirectory
map    shadow uid              sAMAccountName
sasl_mech GSSAPI
sasl_realm HH3.SITE

The output of ls -R /usr/local/samba is at:

http://steve-ss.com/ls.txt

Thanks for your time (again)
Steve

