[Samba] Usage of the machine account for ldapsearch
Stefan Kania
stefan at kania-online.de
Wed Feb 4 11:43:18 UTC 2026
Hi Matthias,
first you need to create a keytab for your principal with:
samba-tool domain exportkeytab --principal=youraccount at YOUR.REALM /path/for/keytab/youraccount.keytab
Then, if you want to use the keytab for authentication with the ldap-tools do
kinit -k -t /path/for/keytab/youraccount.keytab youraccount
create a ldap.conf with the right URI and BASE then do a
ldapsearch
without any arguments this should list all the Objects youraccount has prmission to see.
Am 04.02.26 um 07:45 schrieb Matthias Kühne | Ellerhold Aktiengesellschaft via samba:
> I can run kinit 'TEST-SERVER$@AD.ELLERHOLD.LAN' and it prompts me for a
> PW. There must be a keytab somewhere on this server that I can use, right?
Matrix: @stkania:matrix.org
---------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20260204/fc6cdaac/OpenPGP_signature.sig>
More information about the samba
mailing list