[Samba] Joining Samba4 to Win 2008 AD domain breaks other kerberos functions
gaiseric.vandal at gmail.com
Tue Mar 21 12:57:22 UTC 2017
On 03/16/17 15:01, Rowland Penny via samba wrote:
> On Thu, 16 Mar 2017 14:48:01 -0400
> Gaiseric Vandal via samba <samba at lists.samba.org> wrote:
>> Samba expects the keytab file as /etc/krb5.keytab.
>> Solaris 11 looks for a keytab file in /etc/krb5/krb5.keytab
>> When samba joins the domain it (probably) updates the machine
>> password and then updates its krb5.keytab file. When connecting
>> via ssh, the system would use a keytab file that had the wrong kvno
>> and probably the wrong password key.
>> The following symlink command fixed ssh logins
>> ln -s /etc/krb5.keytab /etc/krb5/krb5.keytab
> Did you try:
> kerberos method = dedicated keytab
> dedicated keytab file = /etc/krb5/krb5.keytab
I did. It seemed to be ignored. When I join samba to a domain, I
don't know if it will update an existing keytab file or overwrite
it. The symlink seemed an easy workaround.
More information about the samba