[Samba] Keytabs (obviously) not valid after password change

steve steve at steve-ss.com
Sun Aug 17 15:57:09 MDT 2014


On Sun, 2014-08-17 at 16:34 -0300, George wrote:
> I am running 4.1.9, with the keytab exported using samba-tool and placed on
> /etc/krb5.keytab
Hi
No need to do that. There's an easier method...
> 
> It looked strange that this has been barely mentioned on the lists. Some
> misconfiguration on my side maybe?
> 
> Steve, do you have "kerberos method" set on your member servers?
Yes:
kerberos method = system keytab

The default is secrets only.

The easiest way to set the correct keytab is to use the line above and
the keytab will be created on domain join via net ads. If you've already
joined, add the line and use net ads keytab create.
HTH
** we are with 4.1.7

> 
> Best regards,
> 
> George
> 
> On Sun, Aug 17, 2014 at 7:24 AM, steve <steve at steve-ss.com> wrote:
> 
> > On Sun, 2014-08-17 at 00:12 -0300, George wrote:
> > >  every
> > > 7 days Samba changes the machine account password which drives the keytab
> > > unusable.
> >
> > Hi
> > 4.1.7 AD with sssd 1.12.0
> > We don't observe that behaviour. sssd uses the machine key of the box it
> > is running upon. Our Linux machines have been up months with the same
> > keytab. Maybe something has changed recently? Anyone else?
> > Cheers,
> > Steve
> >
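
An added example, not part of the original thread or of Samba's own tooling: a shell check that reads the effective "kerberos method" from the [global] section of an smb.conf and prints the matching step from the reply above. The function names and the sample file are constructed for illustration; the parser relies on smb.conf names being case-insensitive with whitespace ignored, and falls back to the default "secrets only" named in the reply.

```shell
#!/bin/sh
# Print the effective "kerberos method" from [global] in the given smb.conf.
# Falls back to "secrets only" (the default, per the reply above) when unset.
effective_kerberos_method() {
    awk '
        /^[ \t]*[#;]/ { next }                       # skip comment lines
        /^[ \t]*\[/ {                                # section header
            s = tolower($0)
            sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s); gsub(/[ \t]/, "", s)
            in_global = (s == "global"); next
        }
        in_global && index($0, "=") {
            eq = index($0, "=")                      # only the first "=" counts
            name = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", name)
            if (name == "kerberosmethod") {
                val = tolower(substr($0, eq + 1))
                sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
                gsub(/[ \t]+/, " ", val)
                found = val                          # last assignment wins
            }
        }
        END { print (found != "" ? found : "secrets only") }
    ' "$1"
}

# Map the effective setting to the step described in the reply.
keytab_action() {
    case "$(effective_kerberos_method "$1")" in
        "system keytab")
            echo "ok: keytab is created on domain join; if already joined run: net ads keytab create" ;;
        "secrets only")
            echo "add 'kerberos method = system keytab' to [global], then run: net ads keytab create" ;;
        *)
            echo "other kerberos method set; not covered by the reply" ;;
    esac
}

# Constructed sample smb.conf, so the script runs without a real Samba install.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
    workgroup = EXAMPLE
    Kerberos Method = system keytab
EOF
keytab_action "$sample"
rm -f "$sample"
```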



