search for: kerbuser

Hi All ! Using Samba Version 4.1.12, updated from source from 4.0beta1 I've created a user, let say kerbuser, for a web server to authenticate with kerberos and provide SSO to the end-users. In my example, my domain is MYDOMAIN.LOCAL, the apache server is webserver.mydomain.local and the AD user is kerbuser I've added a principal on the user and exported everything in a keytab so the result of a k...

Hi Rowland, Yes, I read this documentation carefully. I have two working Apache2 with kerberos authentication working. My question is more about troubleshooting a keytab. If I need to test manually a keytab file chalenging a specific principal, what's the prefered method ? I thougt that a kinit could be done using a principal name, but I am unable to kinit with somehting else than the

Hi Rowland, Hi looks like the "-c" option is optional. My problem is not really the kerberos cache file, but the "principal" linked to the user kerbuser. The principal is HTTP/webserver.MYDOMAIN.LOCAL at MYDOMAIN.LOCAL I would like to use kinit and give this principal as parameter. something like : > kinit -k -t /root/my.keytab HTTP/webserver.MYDOMAIN.LOCAL at MYDOMAIN.LOCAL But no success with such a command. Any idea? -- Olivier

...the benefice of adding a SPN to a user instead of using the UPN directly ? So the same question more clearly : how do you use the SPN and why? Thanks, -- Olivier > Yes, you are mixing up user principal names with service principal > names, your user has a user principal name of 'kerbuser at MYDOMAIN.LOCAL' > > If we create the user, add an spn and export the keytab as per the wiki: > > samba-tool user create --random-password http-dc01 > samba-tool spn add HTTP/dc01.home.lan http-dc01 > samba-tool domain exportkeytab /etc/httpd.keytab > --principal=HTTP/...