[Samba] NFSv4 / Krb / wildcard in keytab

Sketch smblist at rednsx.org
Thu Mar 31 13:41:54 UTC 2016


On Thu, 31 Mar 2016, Service Informatique IF wrote:

> The problem for us is to join computers automatically to Samba: Maybe 
> you have a solution? (without passwd)

It's not exactly without password, but if you are building your own 
machines via kickstart or similar and just want to automate the join, you 
can do a "net ads join -UAdministrator%password".

In theory you could do this with a kerberos keytab as well, using kinit 
with the keytab file, then a "net join -k" (possibly "-k yes"), as 
described here 
https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server 
However, I seem to recall not being able to get "net join -k" to work last 
time I tried.  I'm also not sure that distributing keytabs for 
administrative accounts is any better than using a password.

> Or maybe if it's possible, create computer accounts in Samba with 
> samba-tool user add ...  and so, I could create computer keytab directly 
> from Samba.

I suspect this may be possible, but I've never tried it.  You would also 
have to copy the keytab to the appropriate machines after creating them.


