> To address the Kerberos ticket issue, on my RHEL 5.5 servers, I
> enabled "use Kerberos keytab" in my smb.conf:
>
> 1. Edit your smb.conf, add "use kerberos keytab = YES"
>    Run testparm
>    Restart Samba
>
> 2. Create a kerberos keytab in the location that is defined in your
>    krb5.conf file. Mine has "default_keytab_name =
>    FILE:/etc/krb5.keytab" in the [libdefaults] section:
>    net ads keytab create
>
> 3. Verify the contents of the Kerberos keytab file:
>    klist -ke
>
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
> ---- --------------------------------------------------------------------------
> 3 host/server1.domain.forest.org @ DOMAIN.FOREST.ORG (DES cbc mode with CRC-32)
> 3 host/server1.domain.forest.org@ DOMAIN.FOREST.ORG (DES cbc mode with RSA-MD5)
> 3 host/server1.domain.forest.org@ DOMAIN.FOREST.ORG (ArcFour with HMAC/md5)
> 3 host/[email protected] (DES cbc mode with CRC-32)
> 3 host/[email protected] (DES cbc mode with RSA-MD5)
> 3 host/[email protected] (ArcFour with HMAC/md5)
> 3 [email protected] (DES cbc mode with CRC-32)
> 3 [email protected] (DES cbc mode with RSA-MD5)
> 3 [email protected] (ArcFour with HMAC/md5)
> 4 host/[email protected] (DES cbc mode with CRC-32)
> 4 host/[email protected] (DES cbc mode with RSA-MD5)
> 4 host/[email protected] (ArcFour with HMAC/md5)
> 4 host/[email protected] (DES cbc mode with CRC-32)
> 4 host/[email protected] (DES cbc mode with RSA-MD5)
> 4 host/[email protected] (ArcFour with HMAC/md5)
> 4 [email protected] (DES cbc mode with CRC-32)
> 4 [email protected] (DES cbc mode with RSA-MD5)
> 4 [email protected] (ArcFour with HMAC/md5)
>
> However I do not know how to enable the execution of the 'net ads
> join' command without supplying a password.
>
I tried your method and, while there are minor variations in how the 'net ads keytab' commands are used between FreeBSD and RHEL, I wasn't able to join the domain without supplying a password. I see various references throughout the Internet where quite a number of FreeBSD users are supplying passwords when performing a 'net ads join' command. I will keep an eye open for any other working methods.

~Doug
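
An added example, not part of either poster's message: a shell function that summarises `klist -ke` output like the listing in step 3 of the quoted procedure. For each principal it reports the newest KVNO, how many entries remain from older key versions, and how many current entries use single DES (deprecated by RFC 6649). The host and realm in the sample are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise `klist -ke` output read on stdin.
# On a host with a keytab: klist -ke | keytab_summary

# Constructed sample in the same format as the quoted listing
# (hypothetical host and realm, not taken from the thread).
sample_klist() {
cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 host/server1.example.test@EXAMPLE.TEST (DES cbc mode with CRC-32)
   3 host/server1.example.test@EXAMPLE.TEST (ArcFour with HMAC/md5)
   4 host/server1.example.test@EXAMPLE.TEST (DES cbc mode with CRC-32)
   4 host/server1.example.test@EXAMPLE.TEST (ArcFour with HMAC/md5)
   4 SERVER1$@EXAMPLE.TEST (ArcFour with HMAC/md5)
EOF
}

# keytab_summary: prints one line per principal, in first-seen order:
#   <principal> current_kvno=<n> stale_entries=<count> des_entries=<count>
# stale_entries = entries whose KVNO is below the newest one for that principal
# des_entries   = entries at the newest KVNO that use a single-DES enctype
keytab_summary() {
    awk '
    # Entry lines start with a numeric KVNO; header and rule lines do not.
    $1 ~ /^[0-9]+$/ && NF >= 3 {
        kvno = $1 + 0; princ = $2
        if (!(princ in newest)) order[++n] = princ
        if (!(princ in newest) || kvno > newest[princ]) newest[princ] = kvno
        cnt[princ, kvno]++
        total[princ]++
        if ($0 ~ /\(DES cbc/) des[princ, kvno]++
    }
    END {
        for (i = 1; i <= n; i++) {
            p = order[i]; k = newest[p]
            printf "%s current_kvno=%d stale_entries=%d des_entries=%d\n",
                   p, k, total[p] - cnt[p, k], des[p, k] + 0
        }
    }'
}
```

The parser expects one keytab entry per line, as `klist -ke` prints it on a terminal, not the mail-wrapped form in the quoted message.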
