Difference between revisions of "Generating Keytabs"

(Created page with " Active directory requires kerberos service principle names to be mapped to a user account before a keytab can be generated. you can add spn names using the samba-tool provided…")
 

Revision as of 11:14, 5 February 2014

Active Directory requires Kerberos service principal names (SPNs) to be mapped to a user account before a keytab can be generated.

You can add SPNs using the samba-tool provided with your Samba 4 installation.

samba-tool spn add host/fqdn@KerberosRealm sAMAccount

This should return without error.

To then generate a keytab for that principal, again using samba-tool, run the following:

samba-tool domain exportkeytab name.keytab --principal=host/fqdn@KerberosRealm

This should produce the keytab for the principal that you have exported, which can then be copied to your target machine or service.