[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[suse-security] Samba 3.0, ADS, Kerberos
I have successfully integrated samba to an Active Directory Domain, and
it is authenticating against the ADS, but only while the Kerberos
ticket is valid. After that period it seems to take only the user/group
list from its (winbind) cache.
By now i can get a kerberos ticket with "kinit Administrator" or any
other username that has administrative rights on ADS and all is fine.
But after 8 hours this ticket is no longer valid. How can I renew or
re-get an (new) ticket automatically?
I searched many sites and found several solutions, but none worked.
Probably the best one is about keytabs, which I could generate on The
Windows System, but kerberos does not seem to use them.
Most of the solutions I found are for MIT kerberos, but I use heimdal
(as of SuSE 9.0), where e.g. the hints from new zealand's linux wiki
(http://www.wlug.org.nz/ActiveDirectorySamba) don't work. They tell me
to import the keytab file with
ktutil: rkt mail.keytab
ktutil: wkt /etc/krb5.keytab
But this does not work - not with ktutil and not with kadmin.
Perhaps i missed something?
Thanks a lot!!!
Mit freundlichen Grüßen
Linux Solutions, Training, Seminare und Workshops - auch Inhouse
Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg
fon: +49 941 70 65 23 - mobil: +49 170 302 709 2
web: http://feilner-it.net mail: mfeilner@xxxxxxxxxxxxxx
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here