Bug #2407
Kerberos keytab file is missing for new services
Status: | CLOSED | Start date: | 11/29/2013 | |
---|---|---|---|---|
Priority: | Normal | Due date: | 11/29/2013 | |
Assignee: | - | % Done: | 100% | |
Category: | nethserver-samba | |||
Target version: | v6.5-beta3 | |||
Security class: | Resolution: | |||
Affected version: | v6.4-beta1 | NEEDINFO: | No |
Description
When a kerberized service is installed in a system already configured as AD member, the service keytab file is not created automatically.
By now the keytab are (re)created when the machine password is renewed, and when AD join occurs.
Related issues
Associated revisions
smbads helper script: added "initkeytabs" command. Refs #2407
Expand kerberos keytab on installation. Refs #2407
If on installation the machine is already AD member, the kerberos
keytab file must be created.
Fixed nethserver-squid-conf on keytab re-initialization. Refs #2407
The exec() call prevented the following lines to be executed.
History
#1 Updated by Davide Principi over 7 years ago
- Due date set to 11/29/2013
- Status changed from TRIAGED to ON_DEV
- Assignee set to Davide Principi
- Start date set to 11/29/2013
- % Done changed from 20 to 30
- Estimated time set to 2.00
Solution:
add an initkeytabs
command to smbads
and invoke it from service *-update
event.
#2 Updated by Davide Principi over 7 years ago
- Subject changed from Keytab is missing for new service to Kerberos keytab file is missing for new services
- Description updated (diff)
#3 Updated by Davide Principi over 7 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 30 to 60
MODIFIED
- nethserver-samba:
added a new subcommand tosmbads
script that re-reads the service list from configuration DB and "expands" kerberos keytab files. - nethserver-mail-server:
see patches
Test case
Check if the service keytab file exists, if nethserver-directory or nethserver-squid are installed AFTER AD join.
/var/lib/dovecot/krb5.keytab
/var/lib/misc/nsrv-squid.keytab
#4 Updated by Davide Principi over 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing:
nethserver-mail-server-1.4.6-8.0git50d9f67b.ns6.noarch.rpm
nethserver-samba-1.3.6-4.0git0af6fbfa.ns6.noarch.rpm
#5 Updated by Giacomo Sanchietti over 7 years ago
- Assignee set to Giacomo Sanchietti
#6 Updated by Giacomo Sanchietti over 7 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 70 to 90
Both files are present and correctly generated by smbads command.
Marking as VERIFIED.
#7 Updated by Davide Principi over 7 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates:
nethserver-samba-1.4.0-1.ns6.noarch.rpm
nethserver-directory-1.3.0-1.ns6.noarch.rpm
nethserver-dnsmasq-1.1.0-1.ns6.noarch.rpm
nethserver-shorewall-1.0.3-1.ns6.noarch.rpm
nethserver-mail-server-1.5.0-1.ns6.noarch.rpm
nethserver-mail-filter-1.1.4-1.ns6.noarch.rpm
nethserver-nethgui-1.3.0-1.ns6.noarch.rpm
nethserver-base-1.5.0-1.ns6.noarch.rpm
nethserver-lib-1.4.0-1.ns6.noarch.rpm
nethserver-httpd-admin-1.1.0-1.ns6.noarch.rpm
nethserver-yum-1.2.0-1.ns6.noarch.rpm
nethserver-ntopng-1.1.0-1.ns6.noarch.rpm