[Samba] Exporting keytab with samba-tool

Rowland Penny rpenny at samba.org
Sun Feb 27 09:52:41 UTC 2022


On Sun, 2022-02-27 at 10:08 +0300, Michael Tokarev via samba wrote:
> Hi!
> 
> I'm aware of the wiki page about the subject, this one:
> https://wiki.samba.org/index.php/Generating_Keytabs
> 
> I even added comments to this page, to the "Discussion"
> section.
> 
> How to actually export keytab for a given principal?
> Be it samba-tool or something else?

You can export a keytab using the information shown on the wiki page you
linked to.

> 
> I wasn't able to export any enctypes besides RC4-HMAC.
> Even if this enctype is explicitly *disabled* for the principal,
> by the net ads enctypes set command.

Now that is strange, when I try it, I get this:

pi@rpidc1:~ $ sudo samba-tool domain exportkeytab --principal=dhcpduser /tmp/dhcpduser1.keytab
Export one principal to /tmp/dhcpduser1.keytab
pi@rpidc1:~ $ sudo klist -ke /tmp/dhcpduser1.keytab
Keytab name: FILE:/tmp/dhcpduser1.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 dhcpduser@SAMDOM.EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   1 dhcpduser@SAMDOM.EXAMPLE.COM (aes128-cts-hmac-sha1-96)
   1 dhcpduser@SAMDOM.EXAMPLE.COM (arcfour-hmac)

I think we need a bit more info, what OS, Samba version and where are
you creating the keytab.

Rowland
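
Added example, not part of the original message or of Samba: a small Python check that reads `klist -ke` output like the listing above and reports, per principal, which exported keys use RC4 or DES-family enctypes and whether only such keys were exported. The function names, the weak-enctype list and the sample text (including the `legacy$` principal) are assumptions constructed for this illustration; the parser expects the MIT-style layout shown in the message.

```python
import re
import sys
from collections import defaultdict

# Constructed sample, shaped like the `klist -ke` output quoted above.
SAMPLE = """\
Keytab name: FILE:/tmp/dhcpduser1.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 dhcpduser@SAMDOM.EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   1 dhcpduser@SAMDOM.EXAMPLE.COM (aes128-cts-hmac-sha1-96)
   1 dhcpduser@SAMDOM.EXAMPLE.COM (arcfour-hmac)
   2 legacy$@SAMDOM.EXAMPLE.COM (DEPRECATED:arcfour-hmac)
"""

# "<kvno> <principal> (<enctype>)"; newer MIT klist prefixes weak types with
# "DEPRECATED:", which is dropped so both spellings compare equal.
ENTRY = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((?:DEPRECATED:)?([^)]+)\)\s*$")

# Assumption of this example: RC4, DES and 3DES enctypes count as weak.
WEAK_PREFIXES = ("arcfour-", "des-", "des3-")


def parse_klist(text):
    """Return {principal: {(kvno, enctype), ...}} from `klist -ke` text."""
    entries = defaultdict(set)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:  # header, separator and blank lines do not match
            kvno, principal, enctype = m.groups()
            entries[principal].add((int(kvno), enctype))
    return dict(entries)


def audit(text):
    """Per principal: sorted weak enctypes, and whether only weak keys exist."""
    report = {}
    for principal, keys in parse_klist(text).items():
        enctypes = {e for _, e in keys}
        weak = sorted(e for e in enctypes if e.startswith(WEAK_PREFIXES))
        report[principal] = {
            "weak": weak,
            "only_weak": bool(weak) and len(weak) == len(enctypes),
        }
    return report


if __name__ == "__main__":
    # Pipe real output in (klist -ke FILE | python3 this.py) or run bare for the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for principal, r in audit(text).items():
        print(principal, "ONLY WEAK" if r["only_weak"] else "ok", r["weak"])
```

A principal flagged `only_weak` matches the situation described in the question (nothing but RC4-HMAC exported); one with a non-empty `weak` list but AES keys present matches the output in the reply.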




