[Samba] Generating keytab on a read-only file system

L.P.H. van Belle belle at bazuin.nl
Thu Dec 27 08:10:33 UTC 2018


Hai, 


First, I suggest reading: https://wiki.samba.org/index.php/Keytab_Extraction
Second, is this for a member or an AD-DC?
	That's because of the location of the keytab, and the AD-DC creates its own keytab file.
Third, are any other services going to use it?
Last, root must be able to write the keytab file.

If you place the keytab in another, non-default location, like with:
  dedicated keytab file = /tmp/krb5.keytab

then don't forget the symlink to /etc/krb5.keytab as well.
Most client programs look at the default location /etc/krb5.keytab. 


Greetz, 

Louis





> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Taner Tas via samba
> Sent: Wednesday 26 December 2018 11:21
> To: Chris
> CC: Taner Tas via samba
> Subject: Re: [Samba] Generating keytab on a read-only file system
> 
> 
> > > 
> > > dedicated keytab file = /tmp/krb5.keytab
> > > 
> > > For which programs do you use the keytab?  
> > 
> > I already tried that. But it still tries to write at /etc. It
> seems this
> > parameter is used when you have a keytab already.
> > 
> 
> Ok, It seems I figured it out:
> 
> Once on nfs-root (server):
> ln -s /var/lib/samba/krb5.keytab /etc/krb5.keytab
> 
> Then make this run during boot on client (pre samba and sssd):
> export KEYTAB="/var/lib/samba/krb5.keytab"
> [ -f $KEYTAB ] || cat /dev/null > $KEYTAB
> 
> This way, the keytab content is created in an existing but empty file.
> __
> Taner Tas
> 

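The boot-time step quoted above, as an added example that is not part of the original thread: it pre-creates the empty keytab with owner-only permissions (a keytab holds long-term keys) and checks that the default path resolves to it. The function names are hypothetical, and GNU `readlink -f` is assumed.

```shell
#!/bin/sh
# Added example; prepare_keytab and keytab_link_ok are hypothetical helpers,
# not part of Samba or sssd.

# Create an empty keytab with mode 0600 unless a regular file already exists.
# Refuses symlinks and other non-regular files at the target path.
prepare_keytab() {
    keytab=$1
    if [ -L "$keytab" ]; then
        echo "refusing: $keytab is a symlink" >&2
        return 1
    fi
    if [ -e "$keytab" ] && [ ! -f "$keytab" ]; then
        echo "refusing: $keytab is not a regular file" >&2
        return 1
    fi
    if [ ! -f "$keytab" ]; then
        # umask in a subshell so the file is never created wider than 0600
        ( umask 077 && : > "$keytab" ) || return 1
    fi
    # Tighten an already existing file as well; its content is left untouched
    chmod 600 "$keytab"
}

# Succeed only if the default path is a symlink that resolves to the keytab.
keytab_link_ok() {
    link=$1
    keytab=$2
    [ -L "$link" ] || return 1
    [ "$(readlink -f "$link")" = "$(readlink -f "$keytab")" ]
}

# Usage at boot, before samba and sssd start (paths taken from the thread):
#   prepare_keytab /var/lib/samba/krb5.keytab &&
#   keytab_link_ok /etc/krb5.keytab /var/lib/samba/krb5.keytab
```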


