
Re: [Samba] Joining Samba4 to Win 2008 AD domain breaks other kerberos functions

On 03/16/17 15:01, Rowland Penny via samba wrote:
> On Thu, 16 Mar 2017 14:48:01 -0400
> Gaiseric Vandal via samba <samba@xxxxxxxxxxxxxxx> wrote:
>
>> Samba expects the keytab file as /etc/krb5.keytab.
>>
>> Solaris 11 looks for a keytab file in /etc/krb5/krb5.keytab
>>
>> When samba joins the domain it (probably) updates the machine
>> password and then updates its krb5.keytab file. When connecting
>> via ssh, the system would use a keytab file that had the wrong kvno
>> and probably the wrong password key.
>>
>> The following symlink command fixed ssh logins
>>
>>       ln -s /etc/krb5.keytab /etc/krb5/krb5.keytab
>
> Did you try:
>
> kerberos method = dedicated keytab
> dedicated keytab file = /etc/krb5/krb5.keytab


I did. It seemed to be ignored. When I join samba to a domain, I don't know if it will update an existing keytab file or overwrite it. The symlink seemed an easy workaround.
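
Added example (not part of the original messages and not Samba code): a shell check for the stale-keytab condition described in this thread, comparing the highest kvno per principal in two `klist -k` listings. The listings, host name and realm are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample `klist -k` listings (host and realm are made up).
# The keytab Solaris reads, written before the Samba join:
SYSTEM_LISTING='Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
---- ------------------------------------------------
   2 host/sol11.example.com@EXAMPLE.COM
   2 host/sol11.example.com@EXAMPLE.COM'
# The keytab Samba wrote during the join:
SAMBA_LISTING='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------------
   3 host/sol11.example.com@EXAMPLE.COM
   3 SOL11$@EXAMPLE.COM'

# max_kvno: read `klist -k` output on stdin, print "principal kvno"
# using the highest kvno seen for each principal.
max_kvno() {
    awk '$1 ~ /^[0-9]+$/ && NF >= 2 {
             if (!($2 in m) || $1 + 0 > m[$2]) m[$2] = $1 + 0
         }
         END { for (p in m) print p, m[p] }'
}

# stale_principals OLD NEW: for each principal in listing NEW, print
# "principal old_kvno new_kvno" when OLD holds a lower kvno, or
# "principal missing new_kvno" when OLD has no entry at all.
stale_principals() {
    {
        printf '%s\n' "$1" | max_kvno | sed 's/^/A /'
        printf '%s\n' "$2" | max_kvno | sed 's/^/B /'
    } | awk '$1 == "A" { a[$2] = $3 + 0 }
             $1 == "B" { b[$2] = $3 + 0 }
             END {
                 for (p in b) {
                     if (!(p in a)) print p, "missing", b[p]
                     else if (a[p] < b[p]) print p, a[p], b[p]
                 }
             }' | LC_ALL=C sort
}

# Any output means the system keytab lags behind the one Samba maintains.
stale_principals "$SYSTEM_LISTING" "$SAMBA_LISTING"
```

On a live host the two arguments would be "$(klist -k /etc/krb5/krb5.keytab)" and "$(klist -k /etc/krb5.keytab)"; once the symlink is in place both paths read the same file and the check prints nothing.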
