Patch: System keytab usage improvements
James, Garrick
garrick.james at wamu.net
Fri Jun 11 21:10:05 GMT 2004
> I've incorporated this small fix in, and put together yet
> another updated keytab patch, available here:
> http://www.pppl.gov/~dperry/patches/keytab.v8.samba-3.0.5pre1.diff
>
> Thanks for spotting that, Garrick.
No problem. Woo Whoo! My first Samba patch submission. :-)
> -Dan
We did some testing with this patch applied to Samba in a Win 2k AD
domain. All of our testing worked like a charm. :-)
We were able to add Samba servers to the AD realm/domain successfully
(both specifying a specific OU or using the default OU). We configured
pam_krb5 into our PAM stack and now pam-aware applications validate
credentials using kerberos. We manually change the system's account
password (using the net command) and everything continued to work great.
Cool stuff!
Are there any outstanding issues that would prevent Dan's patch from
being rolled into the next release of Samba 3.0.x?
Our AD guys had one question for me to which I have not been able to
track down the answer. They wanted to know how often Samba changes its
machine account password. I found some stuff in various documents
discussing a parameter that can be tuned to control this for when
security = domain, but I haven't been able to find any info on this for
when security = ADS.
Does anyone know whether Samba changes its machine account password
periodically when in ADS mode? How often? Can the frequency be tuned
in smb.conf? Dan, does your patch change any of this behavior?
Thanks for making Samba even "more better". :-)
-Garrick James
More information about the samba-technical
mailing list