[Samba] Linux client of the domain - SSSD : authenticating via Kerberos
steve
steve at steve-ss.com
Thu Dec 19 10:24:23 MST 2013
On Thu, 2013-12-19 at 18:16 +0100, Cyril wrote:
> Le 19/12/2013 18:10, steve a écrit :
> >
> >>>
> >>> Can you give us a:
> >>> klist -ke /etc/krb5.sssd.keytab
> >>> How did you create it?
> >>>
> >>> HTH
> >>> Steve
> >>>
> >>>
> >>
> >>
> >>
> >> Runnig klist -ke /etc/krb5.sssd.keytab on the server give me :
> >>
> >> Keytab name: FILE:/etc/krb5.sssd.keytab
> >> KVNO Principal
> >> ----
> >> --------------------------------------------------------------------------
> >> 1 myserver$@SUBDOMAIN.DOMAIN.FR (des-cbc-crc)
> >> 1 myserver$@SUBDOMAIN.DOMAIN.FR (des-cbc-md5)
> >> 1 myserver$@SUBDOMAIN.DOMAIN.FR (arcfour-hmac)
> >>
> >> Is the "$" normal ?
> >
> > Yes. It's windows for 'machine key'.
> >
> >> I create this file running :
> >
> >
> >>
> >> # samba-tool domain exportkeytab /etc/krb5.sssd.keytab --principal=myserver$
> >> # chown root:root /etc/krb5.sssd.keytab
> >> # chmod 600 /etc/krb5.sssd.keytab
> >
> > Perfect.
> >>
> >> weird this $ symbole at the end of the command no ?
> >
> > It's fine. It's friendly. We love machine keys here.
> > Steve
> >
> >
> Does that mean that this line :
> ldap_sasl_authid = myserver at SUBDOMAIN.DOMAIN.FR
> should be
> ldap_sasl_authid = myserver$@SUBDOMAIN.DOMAIN.FR
> ?
Yes.
Steve
More information about the samba
mailing list