mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
docs:smbdotconf: Improve documentation for 'sync machine password to keytab'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689 Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
parent
ca7acec952
commit
2dd81ec2be
@ -67,10 +67,19 @@ Example:
|
||||
"/path/to/keytab7:spns=wurst/brot@REALM,wurst2/brot@REALM:sync_kvno:machine_password"
|
||||
</programlisting>
|
||||
If sync_etypes or sync_kvno or sync_spns is present then winbind connects to DC. For "offline domain join" it might be useful not to use these options.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If no value is present, winbind uses value <programlisting>/path/to/keytab:sync_spns:sync_kvno:machine_password</programlisting>
|
||||
where the path to the keytab is obtained either from the krb5 library or from <smbconfoption name="dedicated keytab file"/>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Suggested configuration is together with <smbconfoption name="kerberos method"/> set to the default value 'secrets only'.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
In clustered environments it is recommended to set <smbconfoption name="sync machine password script"/> to update the machine password on all nodes.
|
||||
</para>
|
||||
</description>
|
||||
</samba:parameter>
|
||||
|
Loading…
Reference in New Issue
Block a user