Web lists-archives.com

Re: [Samba] [samba] Member server winbind issue




On Sun, 23 Jul 2017 14:14:20 +1200
Andrew Bartlett via samba <samba@xxxxxxxxxxxxxxx> wrote:

> It may or may not be your issue, but lets start by getting your
> configuration 'typical':
> 
> On Sun, 2017-07-23 at 01:33 +0200, mathias dufresne via samba wrote:
> >   security = ADS
> 
> This (security=ads) is a contradiction with:
> 
> >   kerberos method = dedicated keytab
> >   dedicated keytab file = /etc/krb5.keytab
> 
> Just remove these two lines, and let Samba handle the keytab and
> domain membership.  You do need to join the domain.
> 
> Andrew Bartlett
> 

You only need the 'dedicated keytab' line if you also need something
else to be able to read the keytab (dovecot etc)

If you are going to use a dedicated keytab, I would use 'kerberos
method = secrets and keytab'

With this in smb.conf:

    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab

'wbinfo -i username' works.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba