Re: [Samba] NT_STATUS_NETWORK_SESSION_EXPIRED Domain member
- Date: Mon, 17 Dec 2018 16:23:48 +0000
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] NT_STATUS_NETWORK_SESSION_EXPIRED Domain member
On Mon, 17 Dec 2018 16:54:03 +0100
"L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx> wrote:
> Ok, but then, with the setting, `kerberos method = secrets and
> keytab` it's only more confusing.
> A small re-cap.
> secrets only - use only the secrets.tdb for ticket verification
> - this is clear how it's used.
> system keytab - use only the system keytab for ticket
> - this description here might be better off with something like this.
> system keytab - use only the system (in memory) keytab for ticket
> dedicated keytab - use a dedicated keytab for ticket verification
> (preferred the OS default)
> - ( for debian/ubuntu /etc/krb5.keytab )
Yes, apart from mentioning any OS defaults, that's the OS's job ;-)
> secrets and keytab - use the secrets.tdb first, then the system (in
> memory) keytab
> But now I can't explain the mix of `dedicated keytab`
> and `secrets and keytab` anymore.
> Here : secrets and keytab
> Keytab points to in-memory and/or file keytab?? At least that's how
> I thought it did work.
From my understanding (which may be limited) it might be better as
'secrets and keytabs' i.e. try everything.
> > > kerberos method = dedicated keytab
> > > can be : AnyPath/to/keytabfile.
> > > kerberos method = secrets and keytab - use the secrets.tdb first,
> > > then the system keytab
> > >
> > > I think we should define "system keytab" a bit better in smb.conf.
> > You are probably right Louis, want to make this your first patch as
> > a Samba team member ?
> Well that's maybe a bit too early.. ;-) learn about gitlab more
> first. And if it happens, you'll be the first to review my typos. :-))
OK, I will introduce more typo's ;-)
> > >
> > > So yeah, you might say, `kerberos method = secrets and keytab`
> > > should work fine without the setting :
> > Yes it will, but anything else that needs an actual keytab won't.
> In this line "method = secrets and keytab"
> The word `keytab` refers to? Memory keytab or file, or both.
> Because it looks like only memory but it does use
> the /etc/krb5.keytab also. So this is not correctly defined.. and
> since I'm not sure anymore how it uses the combination of the
> settings, I need to understand the combination better before I
> can describe it. Following that part of code is too hard for me.
Yes, it is a bit spaghetti like ;-)
From experience, things work that are not in krb5.keytab and things
that are in krb5.keytab work until the keytab is removed.