Información y ayuda

HPC Universidad de Oriente

Herramientas de usuario

Herramientas del sitio


generating_keytabs

Adding SPN's and Generating keytabs

Generating Keytabs


Active directory requires kerberos service principle names to be mapped to a user account before a keytab can be generated.

You can add spn names using the “samba-tool” provided with your Samba 4 installation.

 samba-tool spn add host/fdqn@KerberosRealm sAMAccount 

To then generate a keytab for that principle again using the “samba-tool” run the following:

 samba-tool domain exportkeytab  name.keytab  --principal=host/fdqn@KerberosRealm

This should then produce the keytab for the principle that you have exported and this can then be copied to your target machine or service.

generating_keytabs.txt · Última modificación: 2015/02/11 16:53 por macho