[Samba] Compatibility With PaloAlto User Identification
Andrew Bartlett
abartlet at samba.org
Tue Feb 15 20:18:06 UTC 2022
On Tue, 2022-02-15 at 15:12 -0500, ralph strebbing wrote:
> On Tue, Feb 15, 2022 at 1:37 AM Andrew Bartlett <abartlet at samba.org> wrote:
> > If you get that working, I would love to see a wiki page describing the
> > arrangement so we can help others with similar devices.
> A way that I'm going to try getting this working is to use the
> Kerberos approach by getting Kerberos v5 SSO set up. The thing I'm
> hung up on right now is getting the keytab generated properly.
> https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/authentication/configure-kerberos-single-sign-on.html
> The above link describes the commands to run on a windows DC, how
> should those translate for Samba?
samba-tool domain exportkeyab is your friend, running on the DC. Just
specify the SPN you need to export, otherwise you will export the whole
domain. Check with ktutil.
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba
More information about the samba
mailing list