[Samba] self compiled samba domain member, jessie, pam config

Rowland Penny rowlandpenny241155 at gmail.com
Mon Oct 26 21:13:50 UTC 2015


On 26/10/15 21:01, mourik jan c heupink wrote:
> Hi,
>
> I have the keytab file, it just seems that:
>
> "technically "secrets and keytab" means that samba uses both the 
> internal secrets and system keytab file for keytab storage. secrets is 
> in memory (so this works even if changing uid). keytab on the other 
> hand is only opened when needed."
>
> So I have the keytab, I just needed to chmod g+r for it to be readable 
> after "winbindd forks, changes to the uid of the user that is logging 
> in."
>
> Both quotes above are from the samba bugreport. 
> (https://bugzilla.samba.org/show_bug.cgi?id=10490)
>
> And about your line
> >     winbind refresh tickets = Yes # <-- do you have this line
> Yes I do. I pretty much took the domain member server smb.conf from 
> the wiki.
>
> MJ
>
> On 26-10-2015 21:46, Rowland Penny wrote:
>>
>> If you don't have the keytab, try leaving the domain and re-joining,
>> this should create the keytab, if you do have the keytab, remove it
>> then, leave and re-join.
>

Weird, I have never had Problems (and if I start having them now, I am 
going to blame you :-) ) and this is my keytab permissions:

ls -la /etc/krb5.keytab
-rw------- 1 root root 1732 Oct 14 19:46 /etc/krb5.keytab

Rowland




More information about the samba mailing list