[Samba] Samba 4.1.17-Debian as ADS member
Sketch
smblist at rednsx.org
Wed Feb 24 13:18:17 UTC 2016
On Wed, 24 Feb 2016, Stefan G. Weichinger wrote:
> Am 2016-02-24 um 13:32 schrieb Rowland penny:
>> I would add a few extra lines:
>>
>> dedicated keytab file = /etc/krb5.keytab
>> kerberos method = secrets and keytab
>> winbind refresh tickets = Yes
>> idmap config CUST:schema_mode = rfc2307
>>
>> The first three should ensure the tickets never expire and the last one
>> defines the schema that idmap will use.
>
> I had crashes as the /etc/krb5.keytab does not yet exist and the howto
> looked complicated. Will attack that one again, OK.
If you have "secrets and keytab" set before you do the "net ads join", it
will create /etc/krb5.keytab automatically. I would just do the join
again to create the keytab file. There is no harm in rejoining a machine
to the domain as far as I'm aware.
More information about the samba
mailing list