[Samba] Keytabs (obviously) not valid after password change

steve steve at steve-ss.com
Tue Aug 19 03:59:37 MDT 2014


On Mon, 2014-08-18 at 19:39 -0300, George wrote:
> On Sun, Aug 17, 2014 at 6:57 PM, steve <steve at steve-ss.com> wrote:
> 
> > Yes:
> > kerberos method = system keytab
> >
> > The default is secrets only.
> >
> > The easiest way to set the correct keytab is to use the line above and
> > the keytab will be created on domain join via net ads. If you've already
> > joined, add the line and use net ads keytab create.
> >
> 
> Ok! That's why the keytab is not expiring then. Thanks for the tip!
> 
> Best regards!
> 
> George

Just in case this is used for reference, it is not a case of expiring.
The keytab that is produced upon domain join or via the net command is
not updated unless by manual intervention.
Cheers,
Steve




More information about the samba mailing list