[Samba] Keytabs (obviously) not valid after password change
Ryan Ashley
ryana at reachtechfp.com
Sun Aug 17 16:18:42 MDT 2014
When Rowland had me join my server to the domain it created its own keytab. There was no exporting from the DC. I thought the keytab exported via samba-tool was for DNS, not Kerberos. Then again, I have never had to export it and may be wrong. Either way, each member server should create its own keytab when you join it to your domain, if the configuration specifies one.
Sent from my Verizon Wireless 4G LTE smartphone
<div>-------- Original message --------</div><div>From: George <jorgito1412 at gmail.com> </div><div>Date:2014/08/17 15:34 (GMT-05:00) </div><div>To: samba at lists.samba.org </div><div>Subject: Re: [Samba] Keytabs (obviously) not valid after password change </div><div>
</div>I am running 4.1.9, with the keytab exported using samba-tool and placed on
/etc/krb5.keytab
It looked strange that this has been barely mentioned on the lists. Some
misconfiguration on my side maybe?
Steve, do you have "kerberos method" set on your member servers?
Best regards,
George
On Sun, Aug 17, 2014 at 7:24 AM, steve <steve at steve-ss.com> wrote:
> On Sun, 2014-08-17 at 00:12 -0300, George wrote:
> > every
> > 7 days Samba changes the machine account password which drives the keytab
> > unusable.
>
> Hi
> 4.1.7 AD with sssd 1.12.0
> We don't observe that behaviour. sssd uses the machine key of the box it
> is running upon. Our Linux machines have been up months with the same
> keytab. Maybe something has changed recently? Anyone else?
> Cheers,
> Steve
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list