diff options
| author | Alexander Bokovoy <abokovoy@redhat.com> | 2012-02-28 13:23:51 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2012-06-07 09:39:09 +0200 |
| commit | dd244c02dd544f518574f45931342b97fd9e0162 (patch) | |
| tree | 5ffa2b14913df9035aeceaddc254634345d58ddf /install | |
| parent | b32204fccc280714a32d56c15f70f770df82dfbd (diff) | |
| download | freeipa-dd244c02dd544f518574f45931342b97fd9e0162.tar.gz freeipa-dd244c02dd544f518574f45931342b97fd9e0162.tar.xz freeipa-dd244c02dd544f518574f45931342b97fd9e0162.zip | |
Use dedicated keytab for Samba
Samba just needs the cifs/ key on the ipa server. Configure samba to use a
different keytab file so that we do not risk samba commands (net, or similar)
to mess up the system keytab.
https://fedorahosted.org/freeipa/ticket/2168
Diffstat (limited to 'install')
| -rw-r--r-- | install/share/smb.conf.template | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/install/share/smb.conf.template b/install/share/smb.conf.template index 4ab79daa5..8ed521b50 100644 --- a/install/share/smb.conf.template +++ b/install/share/smb.conf.template @@ -1,7 +1,8 @@ [global] workgroup = $NETBIOS_NAME realm = $REALM -kerberos method = system keytab +kerberos method = dedicated keytab +dedicated keytab file = FILE:/etc/samba/samba.keytab create krb5 conf = no security = user domain master = yes @@ -10,6 +11,7 @@ log level = 1 max log size = 100000 log file = /var/log/samba/log.%m passdb backend = ipasam:ldapi://$LDAPI_SOCKET +disable spoolss = yes ldapsam:trusted=yes ldap ssl = off ldap admin dn = $SMB_DN |