Hi Dirk,

No, I haven't gotten any word back yet. If you have any insight into what I might be doing incorrectly, it would be greatly appreciated.

Thanks,
Chase

On Mon, Sep 19, 2011 at 3:10 AM, Dirk Gouders <[email protected]> wrote:

> Chase Whitener <[email protected]> writes:
>
> > We have a 2008r2 AD domain. We join Linux machines as domain members using
> > Samba with Winbind (I'll show all of my config files below). This portion
> > of our setup works without failures of any kind. However, some of these
> > machines are web servers for Intranet stuff and we'd like to have SSO
> > working. For this, we use Apache (HTTPD) plus mod_auth_kerb (requires a
> > keytab file). So, since we're already joining the machines to the domain
> > with Samba, we thought it would be smart to just generate the keytab files
> > with net ads.
> >
> > export KRB5_KTNAME=FILE:/etc/www.keytab
> > net ads keytab create -Udomain-admin (requires a password, so this can't be scripted and run in cron)
> > net ads keytab add HTTP -Udomain-admin (requires a password, so this can't be scripted and run in cron)
> > unset KRB5_KTNAME
> > chown apache /etc/www.keytab
> > service httpd restart
> >
> > However, when Samba changes the machine account's password (seemingly
> > randomly), those keytab files are no longer valid and have to be
> > regenerated. Is there some way for those keytab files to be updated
> > automatically when Samba updates the machine account, or some setting to
> > stop Samba from updating that password? And alternatively, are we doing
> > things in a completely wrong way? I apologize for writing a book here, but
> > without all of the background info, you may not be able to help. Here are my
> > config files for a machine:
>
> Hi Chase,
>
> I did not see an answer to your question and would like to ask if you
> received any help with your problem or solved it some other way.
>
> Regards,
>
> Dirk
