Re: [Samba] NT_STATUS_NETWORK_SESSION_EXPIRED Domain member
- Date: Mon, 17 Dec 2018 16:54:03 +0100
- From: "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] NT_STATUS_NETWORK_SESSION_EXPIRED Domain member
> -----Original message-----
> From: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] On behalf of
> Rowland Penny via samba
> Sent: Monday 17 December 2018 16:08
> To: samba@xxxxxxxxxxxxxxx
> Subject: Re: [Samba] NT_STATUS_NETWORK_SESSION_EXPIRED Domain member
> On Mon, 17 Dec 2018 15:38:02 +0100
> "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx> wrote:
> > Hm,
> > Good question Marco, now after re-reading it, I understand what you
> > are trying to say. How I did read it and understand it.
> > dedicated keytab file (G)
> > Specifies the absolute path to the kerberos keytab file when
> > `kerberos method` is set to "dedicated keytab". When the kerberos
> > method is in "dedicated keytab" mode, dedicated keytab file must be
> > set to specify the location of the keytab file.
> > So your options are
> > kerberos method = secrets only (the default)
> > so no changes in smb.conf by default.
> > kerberos method = system keytab
> > assumes the system default ( /etc/krb5.keytab )
> Sorry, but no it doesn't ;-), the 'system keytab' is by default in memory.
Ok, but then, with the setting, `kerberos method = secrets and keytab` it's only more confusing.
A small recap.
secrets only - use only the secrets.tdb for ticket verification (default)
- it is clear how it's used.
system keytab - use only the system keytab for ticket verification
- this description here might be better off with something like this.
system keytab - use only the system (in memory) keytab for ticket verification.
dedicated keytab - use a dedicated keytab for ticket verification (preferred the OS default)
- ( for debian/ubuntu /etc/krb5.keytab )
secrets and keytab - use the secrets.tdb first, then the system (in memory) keytab
But now I can't explain the mix of `dedicated keytab` and `secrets and keytab` anymore.
Here: secrets and keytab
Keytab points to in-memory and/or file keytab? At least that's how I thought it did work.
> > kerberos method = dedicated keytab
> > can be : AnyPath/to/keytabfile.
> > kerberos method = secrets and keytab - use the secrets.tdb first,
> > then the system keytab
> > I think we should define "system keytab" a bit better in smb.conf.
> You are probably right Louis, want to make this your first patch as a
> Samba team member ?
Well, that's maybe a bit too early.. ;-) learn about gitlab more first.
And if it happens, you'll be the first to review my typos. :-))
> > So yeah, you might say, `kerberos method = secrets and keytab` should work fine without the setting :
> Yes it will, but anything else that needs an actual keytab won't.
In this line "method = secrets and keytab"
The word `keytab` refers to? Memory keytab or file, or both.
Because it looks like only memory but it does use the /etc/krb5.keytab also.
So this is not correctly defined.. and since I'm not sure anymore how it uses the combination of the settings,
I need to understand the combination better before I can describe it.
Following that part of the code is too hard for me.
> > dedicated keytab file
> > If that's not the case then we need 2 of these:
> > kerberos method = secrets and keytab
> > kerberos method = secrets and system-keytab
> > kerberos method = secrets and dedicate-keytab
> > What I think, but I can't see it in the code, maybe Rowland can tell
> > this.
> Just did ;-)
Thanks, most helpful for me at least. ;-)
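
Added example, not part of the original message and not Samba code: a small checker for the one rule the quoted manual text states unambiguously, that `dedicated keytab file` must be set to an absolute path when `kerberos method = dedicated keytab`. It assumes the four method values from the recap above, treats an unset `kerberos method` as `secrets only`, and uses constructed sample configurations; the function names are hypothetical.

```python
import re

# The four values listed in the recap above; unset is treated as "secrets only".
METHODS = {"secrets only", "system keytab", "dedicated keytab", "secrets and keytab"}

def norm(name):
    """smb.conf parameter names ignore case and embedded whitespace."""
    return re.sub(r"\s+", "", name).lower()

def global_params(text):
    """Collect parameters from [global]; both parameters here are global (G)."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def check_kerberos_keytab(text):
    """Return findings for the kerberos method / dedicated keytab file pair."""
    p = global_params(text)
    method = " ".join(p.get("kerberosmethod", "secrets only").lower().split())
    keytab = p.get("dedicatedkeytabfile", "")
    findings = []
    if method not in METHODS:
        findings.append(f"kerberos method {method!r} is not one of the four listed values")
    if method == "dedicated keytab":
        if not keytab:
            findings.append("dedicated keytab file is not set")
        elif not keytab.startswith("/"):
            findings.append("dedicated keytab file is not an absolute path")
    return findings

# Constructed sample configurations (not taken from the thread).
MISSING_FILE = "[global]\n  security = ads\n  kerberos method = dedicated keytab\n"
RELATIVE_PATH = MISSING_FILE + "  dedicated keytab file = krb5.keytab\n"
COMPLETE = MISSING_FILE + "  Dedicated Keytab File = /etc/krb5.keytab\n"

if __name__ == "__main__":
    for name, conf in [("missing", MISSING_FILE), ("relative", RELATIVE_PATH), ("complete", COMPLETE)]:
        print(name, check_kerberos_keytab(conf))
```

The checker deliberately says nothing about which keytab `secrets and keytab` or `system keytab` consults, since that is the open question in this thread.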