On to, 12 loka 2017, Kees Bakker via FreeIPA-users wrote:
Hey,
This week I tried to install Samba (which failed because of Ubuntu, but that's
another story).
One of the steps was to do ipa-adtrust-install. It created a cifs/myhost
pricipal
on my IPA master server.
But now it keeps switching my default pricipal to cifs/myhost@MYREALM (and
in this case I'm root).
What is your distribution?
The reason I ask is because on Fedora, RHEL 7, and CentOS 7 we do have
Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba
line in smb.service (and in winbind.service):
# systemctl cat winbind.service |grep krb5cc_samba
Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba
This forces smbd and winbindd to use a specific Kerberos ccache file
instead of a default one. Since they run as root their default ccache
would otherwise be the one that root as user uses.
Next I do destroy -A, and a new kinit admin.
root@rotte:~# kdestroy -A
root@rotte:~# klist
klist: Credentials cache keyring 'persistent:0:krb_ccache_SF0wnkh' not found
root@rotte:~# kinit admin
Password for [email protected]:
root@rotte:~# klist
Ticket cache: KEYRING:persistent:0:krb_ccache_SF0wnkh
Default principal: [email protected]
Valid starting Expires Service principal
12-10-17 11:39:10 13-10-17 11:39:05 krbtgt/[email protected]
Great, this is what I expected. But ... within 5 minutes
root@rotte:~# klist
Ticket cache: KEYRING:persistent:0:krb_ccache_SF0wnkh
Default principal: cifs/[email protected]
Valid starting Expires Service principal
12-10-17 11:42:10 13-10-17 11:42:10 ldap/[email protected]
12-10-17 11:42:10 13-10-17 11:42:10 krbtgt/[email protected]
Argh, who/what is doing this?
--
Kees Bakker
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
--
/ Alexander Bokovoy
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
