On Mon, Jul 09, 2018 at 12:19:09PM +0000, Ondrej Valousek wrote: > Hi List, > > Is there any way how can we recreate system keytab file of a machine joined > to AD if the file has been broken/deleted? > I want to avoid doing join again as this would probably delete the existing > account (with all attributes we have set). > Thanks,
If you used 'net ads join' to join then 'net ads keytab create' might work for you because Samba can recover the keytab with the help of the stored plain text password. With 'adcli update' you have to kinit first as a use which can update the password and then use the --login-ccache option because chances are you cannot kinit with the keytab anymore. But you should use an account which is only allowed to update the password because otherwise adcli might try to update other attributes as well. On AD you can use the ktpass.exe utility to export a fresh keytab. HTH bye, Sumit > > Ondrej > > ----- > > The information contained in this e-mail and in any attachments is > confidential and is designated solely for the attention of the intended > recipient(s). If you are not an intended recipient, you must not use, > disclose, copy, distribute or retain this e-mail or any part thereof. If you > have received this e-mail in error, please notify the sender by return e-mail > and delete all copies of this e-mail from your computer system(s). Please > direct any additional queries to: communicati...@s3group.com. Thank You. > Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. > 378073. Registered Office: South County Business Park, Leopardstown, Dublin > 18. > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/O7COHRTHRQCYG6BKUMVWBBVTA6ZU6LAZ/ _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/Z6AV3THJ6J6IELOAFKJO22PX6IB73JES/