On Mon, Feb 25, 2013 at 11:13:35PM +0000, Markus Moeller wrote:
> Maybe it has to do with Samba and NTLM. DO you use the same AD account for
> samba and Kerberos ? You should not do that, use different AD accounts as
> Smaba might invalidate the keytab.
>
We use separate accounts for samba & the keytab. Samba generates a
machine account when we run the "net ads join", the keytab is generated
using what we call a service account - a special user account in AD, as
I stated before I use the windows ktpass command not the mskutil command
to generate the keytab..
The thing is neither of these accounts get locked, it is one specific
user out of thousands that gets hit and, to date, never the same user
each time.
-- Brett Lymn "Warning: The information contained in this email and any attached files is confidential to BAE Systems Australia. If you are not the intended recipient, any use, disclosure or copying of this email or any attachments is expressly prohibited. If you have received this email in error, please notify us immediately. VIRUS: Every care has been taken to ensure this email and its attachments are virus free, however, any loss or damage incurred in using this email is not the sender's responsibility. It is your responsibility to ensure virus checks are completed before installing any data sent in this email to your computer."Received on Mon Feb 25 2013 - 23:26:10 MST
This archive was generated by hypermail 2.2.0 : Tue Feb 26 2013 - 12:00:04 MST