[Samba] Can't setup kerberos auth for samba4 server?
Rowland penny
rpenny at samba.org
Wed Oct 16 16:35:55 UTC 2019
On 16/10/2019 17:24, Thomas Schweikle via samba wrote:
> It is not a member server it's the PDC.
It is NOT a PDC, that is an NT4-style domain controller, you seem to be
talking about an AD DC with the PDC Emulator FSMO role.
> And after configuring
> /etc/krb5.conf you'll be able to
> # kinit Administrator
> Passwort für Administrator at ADA.DE:
> Warnung: Ihr Passwort wird in 39 Tagen am Mo 25 Nov 2019 08:22:41 CET
> ablaufen.
Your /etc/krb5.conf needs to contain only this:
[libdefaults]
default_realm = ADA.DE
dns_lookup_realm = false
dns_lookup_kdc = true
>
> And now:
> # net ads join -k
NO, not on an AD DC, you cannot join it to the domain, it is already joined
> Host is not configured as a member server.
> Invalid configuration. Exiting....
> Failed to join domain: This operation is only allowed for the PDC of the
> domain.
>
> But to authenticate on this PDC
This is not a PDC
> against the running samba I need some way
> to have /etc/krb5.keytab created ... some Howto this would be done would be
> nice!
>
Why didn't you say that in the first place ;-)
samba-tool domain exportkeytab /etc/krb5.keytab
Now you know how to create the keytab, why do you need it ?
Rowland
More information about the samba
mailing list