Generating Keytabs: Difference between revisions
From SambaWiki
Damien.dye (talk | contribs) (Created page with " Active directory requires kerberos service principle names to be mapped to a user account before a keytab can be generated. you can add spn names using the samba-tool provided…") |
Damien.dye (talk | contribs) No edit summary |
||
| Line 1: | Line 1: | ||
Active directory requires kerberos service principle names to be mapped to a user account before a keytab can be generated. |
Active directory requires kerberos service principle names to be mapped to a user account before a keytab can be generated. |
||
| Line 8: | Line 7: | ||
this should return without error. |
this should return without error. |
||
to then generate a keytab for that principle again using the samba-tool run the following |
|||
samba-tool domain exportkeytab name.keytab --principal=host/fdqn@KerberosRealm |
|||
this should then produce the keytab for the principle that you have exported and this can then be copied to your target machine or service. |
|||
Revision as of 11:14, 5 February 2014
Active directory requires kerberos service principle names to be mapped to a user account before a keytab can be generated.
you can add spn names using the samba-tool provided with your samba 4 installation.
samba-tool spn add host/fdqn@KerberosRealm sAMAccount
this should return without error.
to then generate a keytab for that principle again using the samba-tool run the following
samba-tool domain exportkeytab name.keytab --principal=host/fdqn@KerberosRealm
this should then produce the keytab for the principle that you have exported and this can then be copied to your target machine or service.