docs:smbdotconf: Improve documentation for 'sync machine password script'

author Pavel Filipenský <pfilipensky@samba.org>

Mon, 12 Aug 2024 09:49:14 +0000 (11:49 +0200)

committer Stefan Metzmacher <metze@samba.org>

Tue, 13 Aug 2024 14:10:37 +0000 (14:10 +0000)
author Pavel Filipenský <pfilipensky@samba.org>
Mon, 12 Aug 2024 09:49:14 +0000 (11:49 +0200)
committer Stefan Metzmacher <metze@samba.org>
Tue, 13 Aug 2024 14:10:37 +0000 (14:10 +0000)
diff --git a/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml b/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml

index 341613372f52924890a8576eb2591fb7e1eecb44..9a7731930d5bef09a763468d3cdd455d894f4770 100644 (file)
--- a/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml
+++ b/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml
@@ -8,8 +8,19 @@
         This is the full pathname to a script that will be run by
          <citerefentry><refentrytitle>winbindd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> when a machine account password is updated.
         </para>
+
+    <para>
+    If keytabs should be generated in clustered environments it is recommended to update them on all nodes.
+    You can set the config option to &pathconfig.SAMBA_DATADIR;/scripts/winbind_ctdb_updatekeytab.sh in clustering case.
+    It is also needed to activate the <constant>46.update-keytabs.script</constant> in ctdb,
+    it re-creates the keytab during the ctdb recovered event:
+    <programlisting>
+    onnode all ctdb event script enable legacy 46.update-keytabs.script
+    </programlisting>
+    </para>
+
  </description>
  
  <value type="default"/>
-<value type="example">/usr/sbin/sync_machine_password</value>
+<value type="example">&pathconfig.SAMBA_DATADIR;/scripts/winbind_ctdb_updatekeytab.sh</value>
  </samba:parameter>
author	Pavel Filipenský <pfilipensky@samba.org>
	Mon, 12 Aug 2024 09:49:14 +0000 (11:49 +0200)
committer	Stefan Metzmacher <metze@samba.org>
	Tue, 13 Aug 2024 14:10:37 +0000 (14:10 +0000)