[Samba] winbind problems

Sketch smblist at rednsx.org
Thu Nov 12 21:08:09 UTC 2015

On Thu, 12 Nov 2015, Rowland Penny wrote:

>>  1.  What is the benefit of using 'secrets and keytab'?  All of my other
>>  member servers seem to function OK with the default 'secrets only'.
> It tries to use the secrets.tdb first for kerberos verification and if it 
> cannot do this, it uses the system keytab, bit of a belt & braces situation 
> really.

I would think the only reason you need the keytab file is for 
compatibility with other apps on the system.  kinit/klist, ssh, or any 
other type of local kerberos authentication you want to do may need access 
to the system keytab.  Note that if system keytab isn't set when you do 
the join, samba wont create the /etc/krb5.keytab file.

BTW, dedicated keytab file = /etc/krb5.keytab is the default system keytab 
file, so there's no need to specifically set it other than to make your 
config file larger.

More information about the samba mailing list