[Samba] Kerberos Principal

[David Thompson]

Thank you very much for this! It worked perfectly for me! 
_ _

DT

> On Feb 23, 2016, at 2:35 AM, L.P.H. van Belle <belle at bazuin.nl> wrote:
> 
> You mean something like : 
> 
> Create a user for a service.
> samba-tool user create squid-proxy --description="Unprivileged user for SQUID-Proxy Services" --random-password
> 
> Disable password expiry. 
> samba-tool user setexpiry squid-proxy --noexpiry
> 
> setting HTTP SPN on the proxy user (proxy1)
> samba-tool spn add HTTP/proxy1.internal.domain.tld squid-proxy
> samba-tool spn add HTTP/proxy1.internal.domain.tld at KERB_REALM squid-proxy
> 
> And export the keytab. 
> samba-tool domain exportkeytab --principal=HTTP/proxy1.internal.domain.tld /home/proxy1.keytab
> 
> Greetz, 
> 
> 
> 
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens David Thompson
>> Verzonden: maandag 22 februari 2016 18:59
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] Kerberos Principal
>> 
>> Hi all,
>> 
>> I’m looking to add in a kerberos principal on my server for the AD domain.
>> 
>> I see there are ways to do this for user(s), but I don’t see how to add a
>> principal for hosts.
>> 
>> In general, I’ld like to add something like the following to me 4.3.4
>> Domain:
>> 
>> ktpass -princ afpserver/fqdn at REALM -mapuser mapuser at domain +rndPass -out
>> afpserver.keytab
>> 
>> This is for a netatalk server. I’ve never had to add a principal to my
>> samba, so I’d just like come clarification as this is for a host and not a
>> user.
>> 
>> what would the 'samba-tool spn add …’ syntax look like in order to add in
>> a host principal
>> 
>> Thanks,
>> 
>> 
>> _ _
>> 
>> 
>> DT
>> 
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba