[Samba] Fwd: Re: Samba4 and sssd, keytab file expires?

Alessandro Briosi tsdogs at briosix.org
Wed Dec 31 08:48:09 MST 2014

Il 2014-12-31 16:29 Dr. Lars Hanke ha scritto:
>>> OK, you can get winbind to update your keytab, you need to alter your
>>> smb.conf slightly. You need to change 'kerberos method = secrets 
>>> only'
>>> to either 'kerberos method = secrets and keytab' or 'kerberos method 
>>> =
>>> system keytab' and add the line
>>> 'dedicated keytab file = /etc/krb5.keytab'.
>> OOPS, I forgot a line, also add 'winbind refresh tickets = Yes' to 
>> smb.conf
> Alessandro said to use sssd in the original post. Didn't use that so
> far, but I don't have any evidence that it would read winbind settings
> from smb.conf.
> Regards,
>  - lars.

Exactly, winbind is not used. It was used as a start, but would prefer 
to use sssd.

What I'm not sure is why the kerberos keytab file expires. This does not 
happen on the DC, but only on this member server.

I might schedule a script to update the keytab file, though I'm not sure 
that's the expected behaviour.


More information about the samba mailing list