[Samba] Obtaining TGT using service principal name

Bobby Kirchgessner asuranzala at gmail.com
Mon Feb 3 19:36:19 MST 2014


Thank you for the quick response.

I see, so net ads join creates a machine principal automatically? I thought
that it might, but it appears that FreeNAS tries to net ads join / net ads
leave every time the services start and stop, so I am not sure how it could
do that without storing the administrator password.

Once the server is joined to the domain, I can kinit as my cifs-server
account, correct? But why do I not get entries for ldap/cifs in klist?


On Mon, Feb 3, 2014 at 9:32 PM, Andrew Bartlett <abartlet at samba.org> wrote:

> On Mon, 2014-02-03 at 21:27 -0500, Bobby Kirchgessner wrote:
> > Dear Andrew,
> >
> >
> > Thanks for your reply, and hopefully you can help resolve my
> > confusion.
> >
> >
> > I am using Samba4 on a virtual machine to handle my DNS/DC, with a
> > FreeNAS server providing CIFS mounts to users on my network. I would
> > like to handle permissions based on the DC users database, so I
> > followed the guide here:
> > http://doc.freenas.org/index.php/Directory_Services. In order to avoid
> > storing my DC administrator password in the FreeNAS database, I opted
> > to set up a keytab. The FreeNAS guide lists these commands for doing
> > so:
>
> While the admin password is used, it shouldn't be stored.  If you worry,
> change it after you give it to FreeNAS.
>
> Samba, running on the FreeNAS, will be much happier with a machine
> account it creates.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT
> http://catalyst.net.nz/services/samba

