1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

docs:smbdotconf: Improve documentation for 'sync machine password to keytab'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Pavel Filipenský 2024-08-12 11:49:14 +02:00 committed by Stefan Metzmacher
parent ca7acec952
commit 2dd81ec2be

View File

@ -67,10 +67,19 @@ Example:
"/path/to/keytab7:spns=wurst/brot@REALM,wurst2/brot@REALM:sync_kvno:machine_password"
</programlisting>
If sync_etypes or sync_kvno or sync_spns is present then winbind connects to DC. For "offline domain join" it might be useful not to use these options.
</para>
<para>
If no value is present, winbind uses value <programlisting>/path/to/keytab:sync_spns:sync_kvno:machine_password</programlisting>
where the path to the keytab is obtained either from the krb5 library or from <smbconfoption name="dedicated keytab file"/>
</para>
<para>
Suggested configuration is together with <smbconfoption name="kerberos method"/> set to the default value 'secrets only'.
</para>
<para>
In clustered environments it is recommended to set <smbconfoption name="sync machine password script"/> to update the machine password on all nodes.
</para>
</description>
</samba:parameter>