not yet? does it create a keytab file? i tested the same thing on rhel4 with MIT kerberos and here it creates the krb5.keytab file under /etc/krb5.keytab i then linked it to /etc/krb5/krb5.keytab and now i can see all the keys with klist -k, but i can't use them:
[EMAIL PROTECTED] etc]# klist -k Keytab name: FILE:/etc/krb5/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 2 host/[EMAIL PROTECTED] 2 host/[EMAIL PROTECTED] 2 host/[EMAIL PROTECTED] 2 host/[EMAIL PROTECTED] 2 host/[EMAIL PROTECTED] 2 host/[EMAIL PROTECTED] 2 [EMAIL PROTECTED] 2 [EMAIL PROTECTED] 2 [EMAIL PROTECTED] [EMAIL PROTECTED] etc]# kinit -k host/rhel4wbtest2.vegagroup.net kinit(v5): Cannot find KDC for requested realm while getting initial credentials -----Original Message----- From: Guenther Deschner [mailto:[EMAIL PROTECTED] Sent: 02 April 2008 11:39 To: Oliver Weinmann Cc: [email protected] Subject: Re: [Samba] Urgent... winbind and keytab file creation -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Oliver Weinmann wrote: > Hi, > > I'm running winbind (3.0.28a) on SLES9 with heimdal Kerberos. Everything > works fine so far. Now i need to have the host keytab generated by winbind to > be in the default /etc/krb5/krb5.keytab in order to use nfs with kerberos > security. The problem is i have set the parameter in smb.conf: > > use kerberos keytabe = true > > and as mentioned in man smb.conf i have set in krb5.conf > > default_keytab_name = FILE:/etc/krb5/krb5.keytab > > after a "net join ads" the krb5.keytab file is not created? do i have to > create it myself? Is this not really implemented? What am I doing wrong? Have you tried "net ads keytab create" ? Guenther - -- Günther Deschner GPG-ID: 8EE11688 Red Hat [EMAIL PROTECTED] Samba Team [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFH81Q/SOk3aI7hFogRAo9oAJ9olnYtnTFteNgF6jVpK/xdh9be8gCeNHVP WjEvra9U//Tj25Y8hFjnDwg= =peli -----END PGP SIGNATURE----- ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
