[Samba] Joining Samba4 to Win 2008 AD domain breaks other kerberos functions

Rowland Penny rpenny at samba.org
Thu Mar 16 19:01:37 UTC 2017

On Thu, 16 Mar 2017 14:48:01 -0400
Gaiseric Vandal via samba <samba at lists.samba.org> wrote:

> Samba expects the keytab file as /etc/krb5.keytab.
> Solaris 11 looks for a keytab file in /etc/krb5/krb5.keytab
> When samba joins the domain it (probably) updates the machine
> password and then updates its krb5.keytab file.       When connecting
> via ssh, the system would use a keytab file that had the wrong kvno
> and probably the wrong password key.
> The following symlink command fixed ssh logins
>      ln -s /etc/krb5.keytab /etc/krb5/krb5.keytab

Did you try:

kerberos method = dedicated keytab
dedicated keytab file = /etc/krb5/krb5.keytab


More information about the samba mailing list