2011-12-31 02:36 keltez?ssel, steve ?rta:> What's the syntax?
>
> I've tried:
> samba-tool spn add nfs/HH3.SITE Administrator
>
> which seems to work, but where do I go from here?
>
> THanks,
> Steve
>
First:
I wouldn't add an nfs spn for the Administrator account, instead would
create a separate account (e.g. nfs) for it: samba-tool user create ....
Second:
After having the user created ensure that it has des enctypes (nfs is
only accepting des-cbc-crc) (IMHO from windows mmc would be the easiest)
Third:
Change the password of the account
Fourth:
Do the spn stuff
Fifth:
Export a keytab for the spn: samba-tool domain exportkeytab
/path/to/the/keytab --principal=The_SPN_You_Have_Created
Sixth:
With (I use heimdal, for MIT it could be different) ktutil delete all
the enctypes from the created keytab EXCEPT des-cbc-crc.
Seventh:
Copy/Move the keytab to where your nfs server/library is expecting it to
be found.
Regards
Geza