RE: [Samba] Urgent... winbind and keytab file creation

Date: Wed, 2 Apr 2008 15:25:39 +0200
From: "Oliver Weinmann" <oliver.weinmann@xxxxxxx>
Subject: RE: [Samba] Urgent... winbind and keytab file creation

Hi and thanks for you answer.

here is the output about the encryption used:

[root@rhel4wbtest2 krb5]# klist -e -k
Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
----
------------------------------------------------------------------------
--
   2 host/rhel4wbtest2.vegagroup.net@xxxxxxxxxxxxx (DES cbc mode with
CRC-32)
   2 host/rhel4wbtest2.vegagroup.net@xxxxxxxxxxxxx (DES cbc mode with
RSA-MD5)
   2 host/rhel4wbtest2.vegagroup.net@xxxxxxxxxxxxx (ArcFour with
HMAC/md5)
   2 host/RHEL4WBTEST2@xxxxxxxxxxxxx (DES cbc mode with CRC-32)
   2 host/RHEL4WBTEST2@xxxxxxxxxxxxx (DES cbc mode with RSA-MD5)
   2 host/RHEL4WBTEST2@xxxxxxxxxxxxx (ArcFour with HMAC/md5)
   2 RHEL4WBTEST2$@VEGAGROUP.NET (DES cbc mode with CRC-32)
   2 RHEL4WBTEST2$@VEGAGROUP.NET (DES cbc mode with RSA-MD5)
   2 RHEL4WBTEST2$@VEGAGROUP.NET (ArcFour with HMAC/md5)

i have to use pam_krb5 because i need to mount nfs shares with kerberos
security. So when a user logs in he gets a valid TGT and is able to
mount the share.

if the keytab created cannot be used for this... can i somehow delete
the host principal created by winbind, create a new one, that will work
for pam_krb5 and let winbind use the newly created one?

-----Original Message-----
From: Gerald (Jerry) Carter [mailto:jerry@xxxxxxxxx] 
Sent: 02 April 2008 15:10
To: Oliver Weinmann
Cc: samba@xxxxxxxxxxxxxxx
Subject: Re: [Samba] Urgent... winbind and keytab file creation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Oliver Weinmann wrote:
| Hi,
|
| I'm running winbind (3.0.28a) on SLES9 with heimdal Kerberos.
Everything works fine so far. Now i need to have the host keytab
generated by winbind to be in the default /etc/krb5/krb5.keytab in order
to use nfs with kerberos security. The problem is i have set the
parameter in smb.conf:
|
| use kerberos keytabe = true

DOn't use this if you use Samba to joined the domain.
It is really on;y useful for non-MS realms.





jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH84WZIR7qMdg1EfYRAk6iAJ0d04pZey+cqgyzfOGbB6cmW+nhWwCgpOjV
U+A6DB3LB7IZMlqBxWv0u6s=
=MlpW
-----END PGP SIGNATURE-----

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Follow-Ups:
- Re: [Samba] Urgent... winbind and keytab file creation
  - From: Gerald (Jerry) Carter

References:
- [Samba] Urgent... winbind and keytab file creation
  - From: Oliver Weinmann
- Re: [Samba] Urgent... winbind and keytab file creation
  - From: Gerald (Jerry) Carter

Prev by Date: [Samba] tdbsam allow users to change password without notice!!!
Next by Date: Re: [Samba] samba3.0.22 - "net setlocalsid" with no effect
Previous by thread: Re: [Samba] Urgent... winbind and keytab file creation
Next by thread: Re: [Samba] Urgent... winbind and keytab file creation
Index(es):
- Date
- Thread

lists-archives.org

RE: [Samba] Urgent... winbind and keytab file creation