generating_keytabs
Differences
This shows you the differences between two versions of the page.
|
generating_keytabs [2015/06/29 16:10] 127.0.0.1 external edit |
generating_keytabs [2020/04/10 17:38] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | **Adding SPN's and Generating keytabs** | ||
| - | |||
| - | ====== Generating Keytabs ====== | ||
| - | ---- | ||
| - | |||
| - | Active directory requires kerberos service principle names to be mapped to a user account before a keytab can be generated. | ||
| - | |||
| - | You can add spn names using the "samba-tool" provided with your Samba 4 installation. | ||
| - | <code> | ||
| - | samba-tool spn add host/fdqn@KerberosRealm sAMAccount | ||
| - | </code> | ||
| - | |||
| - | To then generate a keytab for that principle again using the "samba-tool" run the following: | ||
| - | <code> | ||
| - | samba-tool domain exportkeytab name.keytab --principal=host/fdqn@KerberosRealm | ||
| - | </code> | ||
| - | |||
| - | This should then produce the keytab for the principle that you have exported and this can then be copied to your target machine or service. | ||
generating_keytabs.txt ยท Last modified: 2020/04/10 17:38 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
