[Samba] winbind problems
Sketch
smblist at rednsx.org
Thu Nov 12 21:08:09 UTC 2015
On Thu, 12 Nov 2015, Rowland Penny wrote:
>> 1. What is the benefit of using 'secrets and keytab'? All of my other
>> member servers seem to function OK with the default 'secrets only'.
>
> It tries to use the secrets.tdb first for kerberos verification and if it
> cannot do this, it uses the system keytab, bit of a belt & braces situation
> really.
I would think the only reason you need the keytab file is for
compatibility with other apps on the system. kinit/klist, ssh, or any
other type of local kerberos authentication you want to do may need access
to the system keytab. Note that if system keytab isn't set when you do
the join, samba wont create the /etc/krb5.keytab file.
BTW, dedicated keytab file = /etc/krb5.keytab is the default system keytab
file, so there's no need to specifically set it other than to make your
config file larger.
More information about the samba
mailing list