[Samba] NT_STATUS_NETWORK_SESSION_EXPIRED Domain member
Rowland Penny
rpenny at samba.org
Mon Dec 17 15:08:24 UTC 2018
On Mon, 17 Dec 2018 15:38:02 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> Hm,,
>
> Good question Marco, now after re-reading it, i understand what you
> trying to say. How i did read it and understand it.
>
> dedicated keytab file (G)
> Specifies the absolute path to the kerberos keytab file when
> `kerberos method` is set to "dedicated keytab". When the kerberos
> method is in "dedicated keytab" mode, dedicated keytab file must be
> set to specify the location of the keytab file.
>
> So you options are
> kerberos method = secret only ( the default.)
> so no changes in smb.conf by default.
> kerberos method = system keytab
> assumes the system default ( /etc/krb5.keytab )
Sorry, but no it doesn't ;-), the 'system keytab' is by default in
memory.
> kerberos method = dedicated keytab
> can be : AnyPath/to/keytabfile.
> kerberos method = secrets and keytab - use the secrets.tdb first,
> then the system keytab
>
> I think we should define "system keytab" a bit beter in smb.conf.
You are probably right Louis, want to make this your first patch as a
Samba team member ?
>
> So yeah, you might say, `kerberos method = secrets and keytab` should
> work fine without the setting :
Yes it will, but anything else that needs an actual keytab wont.
> dedicated keytab file If thats not
> the case then we need 2 of these : kerberos method = secrets and
> keytab kerberos method = secrets and system-keytab kerberos method =
> secrets and dedicate-keytab
>
> What i think, but i cant see it in the code, maybe Rowland can tell
> this.
Just did ;-)
Rowland
More information about the samba
mailing list