[Samba] AD-Integration of Samba4 AD DC machine itself?

Sven Geggus lists at fuchsschwanzdomain.de
Wed Mar 12 09:34:36 MDT 2014


Hello,

I have quite some experience integrating Linux machines into AD
(mostly the M$ one up to now).

But now I have a Samba AD DC, which works fine so far.

If I understand this correctly, the server itself does not need to be "part"
of the domain itself as far as user administration is concerned, right?

For using nss-ldapd I would need a valid /etc/krb5.keytab instead of the
samba4 integrated database for kerberos principals.

Can I do the following:

1. run "samba-tool domain exportkeytab /etc/krb5.keytab"
2. stop samba: /etc/init.d/samba stop
3. add "kerberos method = system keytab" to /etc/samba/smb.conf
4. start samba: /etc/init.d/samba start

If so, will users and computers added in future end up in /etc/krb5.keytab
as expected?

Furthermore, which tool can I use to duplicate the "MACHINE$@REALM"
principal of my DC to the Unix style name style host/machine@REALM?

Regards

Sven

-- 
The main thing to note is that when you choose open source you don't
get a Windows operating system.
                                  (from http://www.dell.com/ubuntu)
/me is giggls at ircnet, http://sven.gegg.us/ on the Web

