[Samba] Kerberos authentication issue after upgrading from 4-14-stable to 4-15-stable
Alex
samba at abisoft.biz
Thu Jan 27 14:03:08 UTC 2022
>> Any ideas why?
> No, sorry, thats one i dont know, except that k5start might look in a different place which does not exist.
I checked that - it does read the file I specified.
>> The reason to use k5start is b/c some progs can't work with
>> keytab file directly. For example, nslcd.
> Aha.. But wait, if samba is already handle-ing it.
> Why not this way..
> (example for kerberos auth in squid )
> kinit Administrator
> export KRB5_KTNAME=FILE:/etc/squid/HTTP-$(hostname -s).keytab
> net ads_update keytab ADD HTTP/$(hostname -f)
> chmod 640 krb5-squid-HTTP-$(hostname -s).keytab
> chown root:proxy krb5-squid-HTTP-$(hostname -s).keytab
> Adjust it to you needs for nlscd but it shows how todo it.
> I think what will work also.
B/c (as I said) nslcd is not able to work thru a keytab file. It only supports ready-to-use TGT:
sasl_mech GSSAPI
krb5_ccname /tmp/krb5cc_nslcd
--
Best regards,
Alex
More information about the samba
mailing list