RE: [Samba] Urgent... winbind and keytab file creation
This is a discussion on RE: [Samba] Urgent... winbind and keytab file creation within the Samba forums, part of the Networking and Network Related category; Hi and thanks for you answer. here is the output about the encryption used: [root@rhel4wbtest2 krb5]# klist -e -k ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-02-2008
|
|||
|
|||
RE: [Samba] Urgent... winbind and keytab file creation
Hi and thanks for you answer.
here is the output about the encryption used: [root@rhel4wbtest2 krb5]# klist -e -k Keytab name: FILE:/etc/krb5/krb5.keytab KVNO Principal ---- ------------------------------------------------------------------------ -- 2 host/rhel4wbtest2.vegagroup.net@VEGAGROUP.NET (DES cbc mode with CRC-32) 2 host/rhel4wbtest2.vegagroup.net@VEGAGROUP.NET (DES cbc mode with RSA-MD5) 2 host/rhel4wbtest2.vegagroup.net@VEGAGROUP.NET (ArcFour with HMAC/md5) 2 host/RHEL4WBTEST2@VEGAGROUP.NET (DES cbc mode with CRC-32) 2 host/RHEL4WBTEST2@VEGAGROUP.NET (DES cbc mode with RSA-MD5) 2 host/RHEL4WBTEST2@VEGAGROUP.NET (ArcFour with HMAC/md5) 2 RHEL4WBTEST2$@VEGAGROUP.NET (DES cbc mode with CRC-32) 2 RHEL4WBTEST2$@VEGAGROUP.NET (DES cbc mode with RSA-MD5) 2 RHEL4WBTEST2$@VEGAGROUP.NET (ArcFour with HMAC/md5) i have to use pam_krb5 because i need to mount nfs shares with kerberos security. So when a user logs in he gets a valid TGT and is able to mount the share. if the keytab created cannot be used for this... can i somehow delete the host principal created by winbind, create a new one, that will work for pam_krb5 and let winbind use the newly created one? -----Original Message----- From: Gerald (Jerry) Carter [mailto:jerry@samba.org]=20 Sent: 02 April 2008 15:10 To: Oliver Weinmann Cc: samba@lists.samba.org Subject: Re: [Samba] Urgent... winbind and keytab file creation -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Oliver Weinmann wrote: | Hi, | | I'm running winbind (3.0.28a) on SLES9 with heimdal Kerberos. Everything works fine so far. Now i need to have the host keytab generated by winbind to be in the default /etc/krb5/krb5.keytab in order to use nfs with kerberos security. The problem is i have set the parameter in smb.conf: | | use kerberos keytabe =3D true DOn't use this if you use Samba to joined the domain. It is really on;y useful for non-MS realms. jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFH84WZIR7qMdg1EfYRAk6iAJ0d04pZey+cqgyzfOGbB6 cmW+nhWwCgpOjV U+A6DB3LB7IZMlqBxWv0u6s=3D =3DMlpW -----END PGP SIGNATURE----- __________________________________________________ ____________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __________________________________________________ ____________________ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba 
|
Linear Mode
