[Samba] how to run ktpass with a Samba AD DC?
Jeff Sadowski
jeff.sadowski at gmail.com
Fri Jan 20 19:57:41 UTC 2017
I was trying to get authentication via kerberos working but I'm having
trouble trying to run ktpass as in step 6 here
http://robertan.com/home/2015/01/14/kerberos-auth-with-apachephp/
ktpass -princ HTTP/contoso.com at CONTOSO.COM -mapuser
CONTOSO\<USERNAME> -crypto all -ptype KRB5_NT_PRINCIPAL -pass
<PASSWORD> -out webpage.HTTP.keytab
I'm not sure of the syntax of even the microsoft command. In step 5 it
looked like they created a user apache but I don't see that in the command
at all.
even if I was able to run it I don't know what arguments to put in.
I saw other sites that suggest using ktutil instead. I ran
#ktutil
ktutil: addent -password -p apache@<mydomain> -k 1 -e RC4-HMAC
Password for apache@<mydomain>:
ktutil: wkt /etc/krb5.keytab
ktutil: q
as one of the sites suggested and
kinit apache@<mydomain>
worked with the password
and
kinit apache@<mydomain> -k -t /etc/krb5.keytab
worked without a password.
I did not see a "Delegation" tab when I open the "AD Users and Computers"
in my windows 10 pro
This document seems dated as I run into other areas of trouble.
I noticed in my apache log
PHP Notice: Undefined index: AUTH_TYPE
PHP Notice: Undefined index: REMOTE_USER
More information about the samba
mailing list