Re: [Samba] NT_STATUS_NETWORK_SESSION_EXPIRED Domain member
- Date: Mon, 17 Dec 2018 15:08:24 +0000
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] NT_STATUS_NETWORK_SESSION_EXPIRED Domain member
On Mon, 17 Dec 2018 15:38:02 +0100
"L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx> wrote:
> Good question Marco, now after re-reading it, i understand what you
> trying to say. How i did read it and understand it.
> dedicated keytab file (G)
> Specifies the absolute path to the kerberos keytab file when
> `kerberos method` is set to "dedicated keytab". When the kerberos
> method is in "dedicated keytab" mode, dedicated keytab file must be
> set to specify the location of the keytab file.
> So you options are
> kerberos method = secret only ( the default.)
> so no changes in smb.conf by default.
> kerberos method = system keytab
> assumes the system default ( /etc/krb5.keytab )
Sorry, but no it doesn't ;-), the 'system keytab' is by default in
> kerberos method = dedicated keytab
> can be : AnyPath/to/keytabfile.
> kerberos method = secrets and keytab - use the secrets.tdb first,
> then the system keytab
> I think we should define "system keytab" a bit beter in smb.conf.
You are probably right Louis, want to make this your first patch as a
Samba team member ?
> So yeah, you might say, `kerberos method = secrets and keytab` should
> work fine without the setting :
Yes it will, but anything else that needs an actual keytab wont.
> dedicated keytab file If thats not
> the case then we need 2 of these : kerberos method = secrets and
> keytab kerberos method = secrets and system-keytab kerberos method =
> secrets and dedicate-keytab
> What i think, but i cant see it in the code, maybe Rowland can tell
Just did ;-)
To unsubscribe from this list go to the following URL and read the