[Samba] NFSv4 / Krb / wildcard in keytab
Sketch
smblist at rednsx.org
Thu Mar 31 13:41:54 UTC 2016
On Thu, 31 Mar 2016, Service Informatique IF wrote:
> The problem for us is to join computer automatically to Samba : Maybe
> you have a solution ? (without passwd)
It's not exactly without password, but if you are building your own
machines via kickstart or similar and just want to automate the join, you
can do a "net ads join -UAdministrator%password".
In theory you could do this with a kerberos keytab as well, using kinit
with the keytab file, then a "net join -k" (possibly "-k yes"), as
described here
https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server
However, I seem to recall not being able to get "net join -k" to work last
time I tried. I'm also not sure that distributing keytabs for
adminsitrative accounts is any better than using a password.
> Or maybe if it's possible, create computer accounts in Samba with
> samba-tool user add ... and so, I could create computer keytab directly
> from Samba.
I suspect this may be possible, but I've never tried it. You would also
have to copy the keytab to the appropriate machines after creating them.
More information about the samba
mailing list