[Samba] Fwd: Re: Samba4 and sssd, keytab file expires?
Alessandro Briosi
tsdogs at briosix.org
Wed Dec 31 08:48:09 MST 2014
Il 2014-12-31 16:29 Dr. Lars Hanke ha scritto:
>>> OK, you can get winbind to update your keytab, you need to alter your
>>> smb.conf slightly. You need to change 'kerberos method = secrets
>>> only'
>>> to either 'kerberos method = secrets and keytab' or 'kerberos method
>>> =
>>> system keytab' and add the line
>>>
>>> 'dedicated keytab file = /etc/krb5.keytab'.
>>
>> OOPS, I forgot a line, also add 'winbind refresh tickets = Yes' to
>> smb.conf
>
> Alessandro said to use sssd in the original post. Didn't use that so
> far, but I don't have any evidence that it would read winbind settings
> from smb.conf.
>
> Regards,
> - lars.
Exactly, winbind is not used. It was used as a start, but would prefer
to use sssd.
What I'm not sure is why the kerberos keytab file expires. This does not
happen on the DC, but only on this member server.
I might schedule a script to update the keytab file, though I'm not sure
that's the expected behaviour.
Ciao,
Alessandro
More information about the samba
mailing list