
Re: [Samba] Joining Samba4 to Win 2008 AD domain breaks other kerberos functions





On 03/16/17 15:01, Rowland Penny via samba wrote:
On Thu, 16 Mar 2017 14:48:01 -0400
Gaiseric Vandal via samba <samba@xxxxxxxxxxxxxxx> wrote:

Samba expects the keytab file as /etc/krb5.keytab.

Solaris 11 looks for a keytab file in /etc/krb5/krb5.keytab

When samba joins the domain it (probably) updates the machine
password and then updates its krb5.keytab file. When connecting
via ssh, the system would use a keytab file that had the wrong kvno
and probably the wrong password key.


The following symlink command fixed ssh logins

      ln -s /etc/krb5.keytab /etc/krb5/krb5.keytab

Did you try:

kerberos method = dedicated keytab
dedicated keytab file = /etc/krb5/krb5.keytab

Rowland


I did. It seemed to be ignored. When I join samba to a domain, I don't know if it will update an existing keytab file or overwrite it. The symlink seemed an easy workaround.


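The situation discussed in this thread, two keytab files on one host holding different key versions, can be checked by reading both files. The following is an added example, not part of the original messages and not Samba or Solaris code: it parses the MIT keytab file format (0x0502) and reports principals whose newest kvno in the second file is older than in the first. The principal name, realm and all-zero keys are constructed sample data.

```python
import struct

def parse_keytab(data):  # -> [(principal, kvno, enctype)] from MIT format 0x0502
    if data[:2] != b"\x05\x02":
        raise ValueError("not a format 0x0502 keytab")
    def counted(p):                      # 16-bit length, then that many bytes
        (n,) = struct.unpack_from(">H", data, p)
        return data[p + 2:p + 2 + n].decode(), p + 2 + n
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                    # hole left by a deleted entry: skip it
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = counted(pos + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = counted(p)
            comps.append(comp)
        # skip name type and timestamp (8 bytes), then 8-bit kvno and key header
        kvno, enctype, keylen = struct.unpack_from(">BHH", data, p + 8)
        p += 13 + keylen
        if end - p >= 4:                 # optional 32-bit kvno overrides 8-bit one
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(comps) + "@" + realm, kvno, enctype))
        pos = end
    return entries

def newest(blob):                        # principal -> highest kvno present
    best = {}
    for princ, kvno, _ in parse_keytab(blob):
        best[princ] = max(kvno, best.get(princ, 0))
    return best

def stale_principals(samba_kt, system_kt):   # {principal: (system kvno, samba kvno)}
    new, old = newest(samba_kt), newest(system_kt)
    return {p: (old.get(p), k) for p, k in new.items() if old.get(p, 0) < k}

def make_entry(principal, kvno, enctype=18):  # builds constructed sample data only
    s = lambda b: struct.pack(">H", len(b)) + b
    name, realm = principal.encode().split(b"@")
    body = struct.pack(">H", name.count(b"/") + 1) + s(realm) + b"".join(map(s, name.split(b"/")))
    body += struct.pack(">IIBH", 1, 0, kvno & 0xFF, enctype) + s(b"\0" * 32)
    return struct.pack(">i", len(body) + 4) + body + struct.pack(">I", kvno)

PRINC = "host/sol11.example.com@EXAMPLE.COM"     # constructed principal
SAMBA_KT, SYSTEM_KT = (b"\x05\x02" + make_entry(PRINC, k) for k in (3, 2))
print(stale_principals(SAMBA_KT, SYSTEM_KT))
```

On a real host, pass the bytes of /etc/krb5.keytab and /etc/krb5/krb5.keytab instead of the constructed blobs, assuming both files use this format.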