generating_keytabs
¡Esta es una revisión vieja del documento!
Adding SPN's and Generating keytabs
Generating Keytabs
Active directory requires kerberos service principle names to be mapped to a user account before a keytab can be generated.
You can add spn names using the “samba-tool” provided with your Samba 4 installation.
samba-tool spn add host/fdqn@KerberosRealm sAMAccount
To then generate a keytab for that principle again using the “samba-tool” run the following:
samba-tool domain exportkeytab name.keytab --principal=host/fdqn@KerberosRealm
This should then produce the keytab for the principle that you have exported and this can then be copied to your target machine or service.
generating_keytabs.1423673625.txt.gz · Última modificación: 2022/11/02 17:58 (editor externo)