[Samba] Kerberos Principal
L.P.H. van Belle
belle at bazuin.nl
Tue Feb 23 07:35:55 UTC 2016
You mean something like :
Create a user for a service.
samba-tool user create squid-proxy --description="Unprivileged user for SQUID-Proxy Services" --random-password
Disable password expiry.
samba-tool user setexpiry squid-proxy --noexpiry
setting HTTP SPN on the proxy user (proxy1)
samba-tool spn add HTTP/proxy1.internal.domain.tld squid-proxy
samba-tool spn add HTTP/proxy1.internal.domain.tld at KERB_REALM squid-proxy
And export the keytab.
samba-tool domain exportkeytab --principal=HTTP/proxy1.internal.domain.tld /home/proxy1.keytab
Greetz,
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens David Thompson
> Verzonden: maandag 22 februari 2016 18:59
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Kerberos Principal
>
> Hi all,
>
> I’m looking to add in a kerberos principal on my server for the AD domain.
>
> I see there are ways to do this for user(s), but I don’t see how to add a
> principal for hosts.
>
> In general, I’ld like to add something like the following to me 4.3.4
> Domain:
>
> ktpass -princ afpserver/fqdn at REALM -mapuser mapuser at domain +rndPass -out
> afpserver.keytab
>
> This is for a netatalk server. I’ve never had to add a principal to my
> samba, so I’d just like come clarification as this is for a host and not a
> user.
>
> what would the 'samba-tool spn add …’ syntax look like in order to add in
> a host principal
>
> Thanks,
>
>
> _ _
>
>
> DT
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list