Yes the "net ads keytab create" created the keytab file now. But in the =
logs i can see that the encryption type used is not good:

Apr 2 12:37:18 rhel4wbtest1 sshd[4542]: pam_krb5: error reading keys =
for host/rhel4wbtest2.vegagroup.net from /etc/krb5/krb5.keytab: Bad =
encryption type
Apr 2 12:37:18 rhel4wbtest1 sshd[4542]: pam_krb5: authentication fails =
for `tuser'

does winbind by default use: rc4-hmac?

-----Original Message-----
From: Guenther Deschner [mailto:gd@samba.org]=20
Sent: 02 April 2008 11:39
To: Oliver Weinmann
Cc: samba@lists.samba.org
Subject: Re: [Samba] Urgent... winbind and keytab file creation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Oliver Weinmann wrote:
> Hi,
>=20
> I'm running winbind (3.0.28a) on SLES9 with heimdal Kerberos. =

Everything works fine so far. Now i need to have the host keytab =
generated by winbind to be in the default /etc/krb5/krb5.keytab in order =
to use nfs with kerberos security. The problem is i have set the =
parameter in smb.conf:
>=20
> use kerberos keytabe =3D true
>=20
> and as mentioned in man smb.conf i have set in krb5.conf
>=20
> default_keytab_name =3D FILE:/etc/krb5/krb5.keytab
>=20
> after a "net join ads" the krb5.keytab file is not created? do i have =

to create it myself? Is this not really implemented? What am I doing =
wrong?

Have you tried "net ads keytab create" ?

Guenther

- --
G=FCnther Deschner GPG-ID: 8EE11688
Red Hat gdeschner@redhat.com
Samba Team gd@samba.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFH81Q/SOk3aI7hFogRAo9oAJ9olnYtnTFteNgF6jVpK/xdh9be8gCeNHVP
WjEvra9U//Tj25Y8hFjnDwg=3D
=3Dpeli
-----END PGP SIGNATURE-----

__________________________________________________ ____________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email =
__________________________________________________ ____________________
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba