Generating Keytabs

From SambaWiki
Revision as of 11:15, 5 February 2014 by Damien.dye (talk | contribs)

Active Directory requires Kerberos service principal names (SPNs) to be mapped to a user account before a keytab can be generated.

You can add SPNs using the samba-tool utility provided with your Samba 4 installation.

samba-tool spn add host/fqdn@KerberosRealm sAMAccount

This should return without error.


To then generate a keytab for that principal, again using samba-tool, run the following:

samba-tool domain exportkeytab name.keytab --principal=host/fqdn@KerberosRealm

This should produce a keytab for the principal that you exported, which can then be copied to your target machine or service.
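
An added example, not part of the wiki page or of Samba: a Python check to run on the exported file before copying it anywhere. It parses the MIT keytab file format (version 0x0502) and reports entries for a principal other than the one requested, or entries holding a single-DES or RC4 key. The host name, realm and all-zero key bytes in the sample are constructed, and the function names are this example's own.

```python
import struct

WEAK = {1: "des-cbc-crc", 3: "des-cbc-md5", 23: "arcfour-hmac"}  # single DES, RC4

def _counted(buf, off):  # 16-bit length-prefixed string -> (value, next offset)
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:                     # zero length ends the entry list
            break
        if size < 0:                      # hole left by a deleted entry
            pos -= size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, off = _counted(data, pos + 2)
        parts = []
        for _ in range(ncomp):
            part, off = _counted(data, off)
            parts.append(part.decode())
        kvno, etype = struct.unpack_from(">BH", data, off + 8)  # after name type, timestamp
        _key, off = _counted(data, off + 11)
        if end - off >= 4:                # trailing 32-bit kvno overrides the 8-bit one
            kvno = struct.unpack_from(">I", data, off)[0] or kvno
        entries.append(("/".join(parts) + "@" + realm.decode(), kvno, etype))
        pos = end
    return entries

def audit(data, expected):
    """Flag entries for an unexpected principal or with a weak enctype."""
    ents = parse_keytab(data)
    return ([f"unexpected principal {p}" for p, _, _ in ents if p != expected]
            + [f"weak enctype {WEAK[e]} on {p} (kvno {k})" for p, k, e in ents if e in WEAK])

def _entry(parts, realm, kvno, etype, key):  # builds one constructed sample entry
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", len(parts)) + cs(realm) + b"".join(map(cs, parts))
            + struct.pack(">IIBH", 1, 0, kvno, etype) + cs(key) + struct.pack(">I", kvno))
    return struct.pack(">i", len(body)) + body
# Constructed sample, not a real keytab: AES256 and RC4 entries with all-zero key bytes.
HOST = ([b"host", b"fs1.example.com"], b"EXAMPLE.COM", 2)
SAMPLE = b"\x05\x02" + _entry(*HOST, 18, bytes(32)) + _entry(*HOST, 23, bytes(16))
```

For a real file, pass `open("name.keytab", "rb").read()` and the principal given to `--principal`; an empty list means only the expected principal is present and no weak key types were found.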