I have samba working fine against our Windows 2000/3 network under Solaris 9/10. Users can attach to samba using the Kerberos credentials on their Windows XP PCs.

I would now like to kerberise the unix applications, starting with the supplied Sun rlogind, telnetd, etc. As I understand things, I now need to have a host key on the end systems. Will samba's net ads keytab create do this for me, and avoid me having to run ktpass.exe on Windows for each and every host?

I am having some trouble finding documentation on net ads keytab. Running net ads keytab create certainly creates a keytab that I can examine with klist -K; however, some encryption types are listed as type-23 (Solaris' keytab). I am using MIT Kerberos to compile samba against as I could not get samba to compile against it and it has advantages of being more up to date. Can anyone assist me with this?

Also, I would like to know the answers to the following.

As I understand this, the Service principal name that is assigned to the machine when I join it to the domain is the equivalent of the NT 4.0 machine account. Does this, as in NT 4.0, change its password (and hence in an ADS environment its SPN password) every so often? If so, is a consequence of this that any keytab created with net ads keytab will become out of date sooner or later? Does use Kerberos keytab in smb.conf fix this? If not, why might you use it?

Should samba and the kerberised applications share a Kerberos entry, or should I create a separate identity for the non-samba applications in AD and extract a keytab via ktpass.exe on the Windows side of things?

Thanks for your help in advance

Regards,
RB
