hi users
I'm trying:
$ realm join ...
and I see that keytabs are not ok, I think, right?
>setspn -L dzien
Registered ServicePrincipalNames for
CN=DZIEN,OU=private,DC=my,DC=dom
te,DC=cam,DC=ac,DC=uk:
HOST/dzien.private.my.dom
HOST/DZIEN
seems to me that @AD.MY.DOM is missing?
is this expected behavior and missing keytabs should be
added manually?
many thanks,
L.
On 06/06/16 10:52, lejeczek wrote:> hi users > > I'm trying: > > $ realm join ... > > and I see that keytabs are not ok, I think, right? > > >setspn -L dzien > Registered ServicePrincipalNames for CN=DZIEN,OU=private,DC=my,DC=dom > te,DC=cam,DC=ac,DC=uk: > HOST/dzien.private.my.dom > HOST/DZIEN > > seems to me that @AD.MY.DOM is missing? > > is this expected behavior and missing keytabs should be added manually? > > many thanks, > > L. > >No idea if realmd is working correctly, it is not part of Samba, Samba uses 'net ads join' and, if you have the required lines in smb.conf, the keytab & SPNs get created for you. What I can say is, if I run 'ktutil' on a client, every line in the keytab ends in '@SAMDOM.EXAMPLE.COM' Rowland
Maybe Matching Threads
- Generating keytabs for other hosts
- Failed to modify SPNs on error in module acl: Constraint violation during LDB_MODIFY (19)
- Using Samba AD for NFSV4 Kerberos servers and clients
- Failed to modify SPNs on error in module acl: Constraint violation during LDB_MODIFY (19)
- Looking for GSSAPI config [was: Looking for NTLM config example]