[Samba] Strange KVNO updating

Bruno MACADRE bruno.macadre at univ-rouen.fr
Wed Oct 1 23:25:09 MDT 2014 

Le 02/10/2014 00:07, Matthieu Patou a écrit :
> Hi Bruno,
> On 09/30/2014 11:12 PM, Bruno MACADRÉ wrote:
>> Hi,
>>
>>     I'm working in an educational environment so I've some 
>> obligations that complicate my work. For example in all rooms of 
>> practical class all the workstations are in dual boot (Win7 + XUbuntu 
>> 14.04). I've tried 2 solutions :
>>
>>         1- Setting the same hostname to both OS, joigning Win7 to AD 
>> and using the created (by joining) keytab on linux side for sssd.
>>
>>         2- Setting different hostname to both OS, joigning Win7 to AD 
>> and joigning linux to AD, using winbind for users and groups.
>>
>>     I've chosen the first one (may be it's not the better 
>> choice....), but actually I'm facing a strange problem... some times 
>> my keytab on the Samba4 server is updated (KVNO incremented) without 
>> any human intervention.... so my sssd on linux side can't speak with 
>> the server anymore....
> Is Samba4 your AD DC ?, if so when you say that the keytab is updated 
> is not really that it's the info stored in the computer object that 
> are changed (and amongst them the kvno).
Yes I'm in Samba4 so I suppose that the keytab appears to be changed 
'cause the computer object was modified.

>>
>>     Is anybody know why a keytab can change internaly ?
>>
>>     Can Win7 change keytab (refresh or modify or anything else) when 
>> any user using it ?
> Windows machine are changing periodically their password, when the 
> password is changed the kvno is also changed.
It's I supposed but I'm not advanced enough in win admin to know 
why..... this answer confirms my idea.
>>
>>     I just want to understand why I have to upload new keytab on 
>> linux side frequently ?
>>
>>     I know this problem isn't really a samba problem, but I hope that 
>> somebody on this list knows this behaviour...
>>
> You can create a GPO that will apply only on Computers to disable 
> password change.
If it's possible to disable password changing I will do that
>
>
Thanks a lot for your answers, it's what I've searched for long days !
Best Regards,
Bruno

More information about the samba mailing list