[Samba] Strange KVNO updating

Matthieu Patou mat at samba.org
Wed Oct 1 16:07:39 MDT 2014

Hi Bruno,
On 09/30/2014 11:12 PM, Bruno MACADRÉ wrote:
> Hi,
>     I'm working in an educational environment so I've some obligations 
> that complicate my work. For example in all rooms of practical class 
> all the workstations are in dual boot (Win7 + XUbuntu 14.04). I've 
> tried 2 solutions :
>         1- Setting the same hostname to both OS, joigning Win7 to AD 
> and using the created (by joining) keytab on linux side for sssd.
>         2- Setting different hostname to both OS, joigning Win7 to AD 
> and joigning linux to AD, using winbind for users and groups.
>     I've chosen the first one (may be it's not the better choice....), 
> but actually I'm facing a strange problem... some times my keytab on 
> the Samba4 server is updated (KVNO incremented) without any human 
> intervention.... so my sssd on linux side can't speak with the server 
> anymore....
Is Samba4 your AD DC ?, if so when you say that the keytab is updated is 
not really that it's the info stored in the computer object that are 
changed (and amongst them the kvno).
>     Is anybody know why a keytab can change internaly ?
>     Can Win7 change keytab (refresh or modify or anything else) when 
> any user using it ?
Windows machine are changing periodically their password, when the 
password is changed the kvno is also changed.

>     I just want to understand why I have to upload new keytab on linux 
> side frequently ?
>     I know this problem isn't really a samba problem, but I hope that 
> somebody on this list knows this behaviour...
You can create a GPO that will apply only on Computers to disable 
password change.

Matthieu Patou
Samba Team

More information about the samba mailing list