On 8 March 2017 at 14:59, Sumit Bose <[email protected]> wrote: > On Wed, Mar 08, 2017 at 02:09:09PM +0000, John Beranek wrote: >> On 8 March 2017 at 13:40, Mote, Todd <[email protected]> wrote: >> > Does on my rhel 6 boxes. I'm not in front of a computer at the moment, but >> > there is a log where you can see it. Sssd_domain.log I think. I'll look >> > when I get to work and let you know. Might search the list archive too I'm >> > pretty sure I asked about it when adcli was still in the .7’s. >> >> Hmm, just reading a list thread from September 2016 where it's >> suggested that adcli doesn't get on well with Samba,entitled "samba >> 4.2.11, 4.2.14 and sssd?" http://bit.ly/2n60x4r >> >> I wonder if having adcli installed, but using "net ads join" to join >> the domain is still troublesome... > > Maybe adcli does not lead to the expected result because you use > 'kerberos method = secrets and keytab'. adcli can only update the keytab > but not the host password stored in Samba's secrets.tdb. So chances are > that even if the keys in the keytab are updated Samba will still use the > old one from secrets.tdb. Have you tried to use 'kerberos method = > system keytab'?
Thanks Sumit, no change with just the config change, would I need to clear out the Samba database after the change? John _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
