samba-users May 2010 archive
Main Archive Page > Month Archives  > samba-users archives
samba-users: Re: [Samba] Samba4 and keytabs

Re: [Samba] Samba4 and keytabs

From: Michael Wood <esiotrot_at_nospam>
Date: Mon May 03 2010 - 18:45:36 GMT
To: Jussi Vainionpää <>

On 3 May 2010 17:33, Jussi Vainionpää <> wrote:
> Hello,
> I installed Samba4 according to the HOWTO. The provisioning created a user
> (dns) and a keytab for DNS updates, but the service principal in the keytab
> seems to be wrong for me (the domain name instead of ns1.domainname).
> What would be the correct way of changing / adding service principals
> associated with a user and re-generating the keytab?
> I got the dns updates working by adding a new user with ADUC and creating
> the keytab with ktpass on a windows machine joined to the domain, but that
> seems unnecessarily complicated and results in a keytab with different
> encryption methods compared to the one created by provision.
> Besides dns, service principals and keytabs are needed also for a bunch of
> other services (imap, smtp, http); would the same methods apply?

It looks like the source4/setup/spn_update_list file contains the list
of principles.

I haven't dug around enough to know what the proper way is to do what you need.

I suspect you will get more help with this on the samba-technical list.

-- Michael Wood <> -- To unsubscribe from this list go to the following URL and read the instructions: