[Samba] dns update failt (kerberos)

Thomas Zeitinger thomas.zeitinger at it2.at
Thu Sep 5 09:41:31 MDT 2013 

Hey!

I found another interessting fact:

samba_dnsupdate --verbose --all-names -d 10

shows me:

[...]
privateKeytab: secrets.keytab
[...]

So I tried

root at linsrv:~# klist -t -k /usr/local/samba/private/secrets.keytab
Keytab name: FILE:/usr/local/samba/private/secrets.keytab
KVNO Timestamp           Principal
---- -------------------
------------------------------------------------------
   1 2013-08-16 12:49:52 HOST/linsrv at DOMAIN.LOCAL  
   1 2013-08-16 12:49:52 HOST/linsrv.domain.local at DOMAIN.LOCAL
   1 2013-08-16 12:49:52 LINSRV$@DOMAIN.LOCAL
   1 2013-08-16 12:49:52 HOST/linsrv at DOMAIN.LOCAL  
   1 2013-08-16 12:49:52 HOST/linsrv.domain.local at DOMAIN.LOCAL
   1 2013-08-16 12:49:52 LINSRV$@DOMAIN.LOCAL
   1 2013-08-16 12:49:52 HOST/linsrv at DOMAIN.LOCAL  
   1 2013-08-16 12:49:52 HOST/linsrv.domain.local at DOMAIN.LOCAL
   1 2013-08-16 12:49:52 LINSRV$@DOMAIN.LOCAL
   1 2013-08-16 12:49:52 HOST/linsrv at DOMAIN.LOCAL  
   1 2013-08-16 12:49:52 HOST/linsrv.domain.local at DOMAIN.LOCAL
   1 2013-08-16 12:49:52 LINSRV$@DOMAIN.LOCAL
   1 2013-08-16 12:49:52 HOST/linsrv at DOMAIN.LOCAL  
   1 2013-08-16 12:49:52 HOST/linsrv.domain.local at DOMAIN.LOCAL
   1 2013-08-16 12:49:52 LINSRV$@DOMAIN.LOCAL


Is it a problem that the host is 5 times in the secret.keytab?

How can I verify that?



On 2013-09-05 12:41, Thomas Zeitinger wrote:
> [...]
> root at linsrv:~# samba_dnsupdate --verbose --all-names
> IPs: ['172.16.0.202']
> Traceback (most recent call last):
>   File "/usr/local/samba/sbin/samba_dnsupdate", line 506, in <module>
>     get_credentials(lp)
>   File "/usr/local/samba/sbin/samba_dnsupdate", line 119, in get_credentials
>     creds.get_named_ccache(lp, ccachename)
> RuntimeError: kinit for LINSRV$@DOMAIN.LOCAL failed (Cannot contact any
> KDC for requested realm)
>
> and again the different error message with kinit:
>
> [..]
>
> But the account is in the Kerberus DB:
>
> root at linsrv:~# klist -k /etc/krb5.keytab
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
> ----
> --------------------------------------------------------------------------
>    1 LINSRV$@DOMAIN.LOCAL
>    1 LINSRV$@DOMAIN.LOCAL
>    1 LINSRV$@DOMAIN.LOCAL
> [...]

-- 
Thomas Zeitinger
Kundenbetreuung

IT-Quadrat   EDV Dienstleistungs- und Handels GmbH
Krongasse 8/2 A-1050 Wien
Tel: +43 (1) 311 44 00 - 10
Fax: +43 (1) 311 44 00 - 90
Thomas.Zeitinger at it2.at
www.it2.at

FN 287345t
UID ATU63123113

More information about the samba mailing list