Bug 1218926
| Summary: | Samba ignores default_keytab_name in krb5.conf | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Ondrej <ondrej.valousek> |
| Component: | samba | Assignee: | Andreas Schneider <asn> |
| Status: | CLOSED ERRATA | QA Contact: | Andrej Dzilský <adzilsky> |
| Severity: | unspecified | Priority: | unspecified |
| Version: | 7.3 | CC: | adzilsky, asn, gdeschner, jarrpa, ondrej.valousek, rhack, sbose |
| Target Milestone: | rc | Target Release: | 7.3 |
| Hardware: | Unspecified | OS: | Unspecified |
| Fixed In Version: | samba-4.6.0-1.el7 | Doc Type: | If docs needed, set a value |
| Last Closed: | 2017-08-01 18:19:59 UTC | Type: | Bug |

I am not able to reproduce this bug :/ on 3.6.23-14.el6_6.x86_64; it works pretty well for me there. It also works on the current version of Samba (4.6.0+). I would appreciate any info for testing to get this bug verified.

I can still reproduce this bug on samba-common-3.6.23-42.el6_9.x86_64 using the steps above. Samba still ignores the default_keytab_name setting in /etc/krb5.conf.

Which other info shall I provide?
The steps to reproduce are still the same - "net ads join" keeps creating the krb5.keytab file in its default location (/etc) even if a different location (say /var/lib/samba) is specified in /etc/krb5.conf.

Well. Let's start with:
rpm -qa | grep samba
cat /etc/samba/smb.conf
cat /etc/krb5.conf
Also run 'net ads join' with parameter '-d10' and attach the log (e.g. 'net ads join -d10 &> log.join').
Can I ask you if you entered just 'net ads join' without any parameters? I'd like to find that little detail which prevents me from reproducing the bug.
Regards.

> Which other info shall I provide?
> The steps to reproduce are still the same - "net ads join" keeps creating
> krb5.keytab file in its default location (/etc) even if a different location
> (say /var/lib/samba) is specified in /etc/krb5.conf
See 'dedicated keytab' in 'man smb.conf'.
Does not work either, unfortunately.
When I add:
kerberos method = dedicated keytab
dedicated keytab file = /var/lib/samba/krb5.keytab
and then "net ads join", krb5.keytab file is never created.

You need to call 'net ads keytab create'.

When I call 'net ads keytab create -U admin', krb5.keytab is still created in /etc, ignoring settings in both /etc/krb5.conf and /etc/samba/smb.conf.

Created Red Hat support case #01845954 to support this.

Kerberos method with 'dedicated keytab' works on samba 4.6.0 too.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2017:1950

Description of problem:

[root@rh6laptop ~]# cat /etc/krb5.conf
...
[libdefaults]
default_keytab_name = FILE:/var/lib/samba/krb5.keytab
...
[root@rh6laptop ~]# cat /etc/samba/smb.conf
...
kerberos method = system keytab

When I do "net ads join", the real location of the system keytab file (var/lib/samba/krb5.keytab) is being ignored. Samba still tries to use /etc/krb5.keytab

Tested with samba-common-3.6.23-14.el6_6.x86_64
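
A check for the symptom discussed in this report, as an added example that is not part of the bug report or of Samba: it reads the keytab path requested by krb5.conf and smb.conf and reports whether the keytab exists there or only at the default location. The function names are hypothetical, /etc/krb5.keytab is assumed as the built-in default (the location named in the thread), and smb.conf sections are not distinguished.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Samba or krb5 tooling.

# default_keytab_name from [libdefaults] of krb5.conf ($1), FILE: prefix stripped.
krb5_default_keytab() {
    awk '
        /^[ \t]*\[/ { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_lib && /^[ \t]*default_keytab_name[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); sub(/^FILE:/, "")
            print; exit
        }' "$1"
}

# Value of parameter $2 in smb.conf ($1). smb.conf ignores case and whitespace
# in parameter names; the last assignment in the file wins here.
smb_param() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); gsub(/[ \t]/, "", want) }
        /^[ \t]*[#;]/ { next }
        { i = index($0, "="); if (!i) next
          key = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", key)
          if (key == want) { val = substr($0, i + 1)
              sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val) } }
        END { if (val != "") print val }' "$1"
}

# Keytab path the configuration asks for (empty if no keytab path applies).
# $3 is the system default, assumed to be /etc/krb5.keytab.
expected_keytab() {
    method=$(smb_param "$2" "kerberos method" | tr 'A-Z' 'a-z')
    case "$method" in
        "dedicated keytab")
            path=$(smb_param "$2" "dedicated keytab file"); echo "${path#FILE:}" ;;
        "system keytab"|"secrets and keytab")
            path=$(krb5_default_keytab "$1"); echo "${path:-${3:-/etc/krb5.keytab}}" ;;
        *) return 0 ;;
    esac
}

# Report whether the keytab is at the configured path or only at the default one.
check_keytab() {
    sysdef=${3:-/etc/krb5.keytab}
    want=$(expected_keytab "$1" "$2" "$sysdef")
    if [ -z "$want" ]; then echo "no-keytab-path"
    elif [ -e "$want" ]; then echo "ok $want"
    elif [ -e "$sysdef" ]; then echo "misplaced expected=$want found=$sysdef"
    else echo "missing $want"
    fi
}
```

Run `check_keytab /etc/krb5.conf /etc/samba/smb.conf` after `net ads join` or `net ads keytab create`; a `misplaced` result matches the behaviour reported here.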