[Samba] Fwd: Re: Samba4 and sssd, keytab file expires?
Rowland Penny
rowlandpenny at googlemail.com
Thu Jan 1 03:39:00 MST 2015
On 01/01/15 10:22, Alessandro Briosi wrote:
> Il 2014-12-31 18:24 Rowland Penny ha scritto:
>>
>> It expires because it was not created on the member server, having
>> said that, sssd should be able to update the keytab, I would suggest
>> that sssd is not setup correctly and as such, I think that you need to
>> take this problem to the sssd mailing list.
>>
>> If you decide to use winbind, which I can assure you will work, this
>> can be set up to do what you need, see my previous posts
>>
>> Rowland
>
> Ok, thanks for the clarification.
> Winbind works, it was working before (and there's no need for the
> keytab as it's a member server, imho).
>
> I'll try generating the keytab on the member server.
>
> Regards,
> Alessandro
Hi, if you have these two lines in smb.conf:
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
Remove /etc/krb5.keytab (if it exists), Leave the domain, then re-join
the domain, the keytab should be created for you (well it always has
been for me).
If you also have: 'winbind refresh tickets = Yes' in smb.conf, then
winbind will keep the keytab updated.
Rowland
More information about the samba
mailing list