[Samba] Linux client of the domain - SSSD : authenticating via Kerberos

[Cyril]

Le 19/12/2013 18:10, steve a écrit :
>
>>>
>>> Can you give us a:
>>> klist -ke /etc/krb5.sssd.keytab
>>> How did you create it?
>>>
>>> HTH
>>> Steve
>>>
>>>
>>
>>
>>
>> Runnig klist -ke /etc/krb5.sssd.keytab on the server give me :
>>
>> Keytab name: FILE:/etc/krb5.sssd.keytab
>> KVNO Principal
>> ----
>> --------------------------------------------------------------------------
>>      1 myserver$@SUBDOMAIN.DOMAIN.FR (des-cbc-crc)
>>      1 myserver$@SUBDOMAIN.DOMAIN.FR (des-cbc-md5)
>>      1 myserver$@SUBDOMAIN.DOMAIN.FR (arcfour-hmac)
>>
>> Is the "$" normal ?
>
> Yes. It's windows for 'machine key'.
>
>> I create this file running :
>
>
>>
>> # samba-tool domain exportkeytab /etc/krb5.sssd.keytab --principal=myserver$
>> # chown root:root /etc/krb5.sssd.keytab
>> # chmod 600 /etc/krb5.sssd.keytab
>
> Perfect.
>>
>> weird this $ symbole at the end of the command no ?
>
> It's fine. It's friendly. We love machine keys here.
> Steve
>
>
Does that mean that this line :
ldap_sasl_authid = myserver at SUBDOMAIN.DOMAIN.FR
should be
ldap_sasl_authid = myserver$@SUBDOMAIN.DOMAIN.FR
  ?


Cyril