[Samba] Strange KVNO updating
Matthieu Patou
mat at samba.org
Wed Oct 1 16:07:39 MDT 2014
Hi Bruno,
On 09/30/2014 11:12 PM, Bruno MACADRÉ wrote:
> Hi,
>
> I'm working in an educational environment so I've some obligations
> that complicate my work. For example in all rooms of practical class
> all the workstations are in dual boot (Win7 + XUbuntu 14.04). I've
> tried 2 solutions :
>
> 1- Setting the same hostname to both OS, joigning Win7 to AD
> and using the created (by joining) keytab on linux side for sssd.
>
> 2- Setting different hostname to both OS, joigning Win7 to AD
> and joigning linux to AD, using winbind for users and groups.
>
> I've chosen the first one (may be it's not the better choice....),
> but actually I'm facing a strange problem... some times my keytab on
> the Samba4 server is updated (KVNO incremented) without any human
> intervention.... so my sssd on linux side can't speak with the server
> anymore....
Is Samba4 your AD DC ?, if so when you say that the keytab is updated is
not really that it's the info stored in the computer object that are
changed (and amongst them the kvno).
>
> Is anybody know why a keytab can change internaly ?
>
> Can Win7 change keytab (refresh or modify or anything else) when
> any user using it ?
Windows machine are changing periodically their password, when the
password is changed the kvno is also changed.
>
> I just want to understand why I have to upload new keytab on linux
> side frequently ?
>
> I know this problem isn't really a samba problem, but I hope that
> somebody on this list knows this behaviour...
>
You can create a GPO that will apply only on Computers to disable
password change.
--
Matthieu Patou
Samba Team
http://samba.org
More information about the samba
mailing list