[Samba] Joining Samba4 to Win 2008 AD domain breaks other kerberos functions
Rowland Penny
rpenny at samba.org
Thu Mar 16 19:01:37 UTC 2017
On Thu, 16 Mar 2017 14:48:01 -0400
Gaiseric Vandal via samba <samba at lists.samba.org> wrote:
> Samba expects the keytab file as /etc/krb5.keytab.
>
> Solaris 11 looks for a keytab file in /etc/krb5/krb5.keytab
>
> When samba joins the domain it (probably) updates the machine
> password and then updates its krb5.keytab file. When connecting
> via ssh, the system would use a keytab file that had the wrong kvno
> and probably the wrong password key.
>
>
> The following symlink command fixed ssh logins
>
> ln -s /etc/krb5.keytab /etc/krb5/krb5.keytab
>
Did you try:
kerberos method = dedicated keytab
dedicated keytab file = /etc/krb5/krb5.keytab
Rowland
More information about the samba
mailing list