[Samba] dns update failt (kerberos)

Thomas Zeitinger thomas.zeitinger at it2.at
Fri Sep 6 01:45:25 MDT 2013


Ah, ok. You are right:

root@linsrv:/usr/local/samba/private# klist -e -t -k /usr/local/samba/private/secrets.keytab
Keytab name: FILE:/usr/local/samba/private/secrets.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   1 2013-08-16 12:49:52 HOST/linsrv@DOMAIN.LOCAL (des-cbc-crc)
   1 2013-08-16 12:49:52 HOST/linsrv.domain.local@DOMAIN.LOCAL (des-cbc-crc)
   1 2013-08-16 12:49:52 LINSRV$@DOMAIN.LOCAL (des-cbc-crc)
   1 2013-08-16 12:49:52 HOST/linsrv@DOMAIN.LOCAL (des-cbc-md5)
   1 2013-08-16 12:49:52 HOST/linsrv.domain.local@DOMAIN.LOCAL (des-cbc-md5)
   1 2013-08-16 12:49:52 LINSRV$@DOMAIN.LOCAL (des-cbc-md5)
   1 2013-08-16 12:49:52 HOST/linsrv@DOMAIN.LOCAL (arcfour-hmac)
   1 2013-08-16 12:49:52 HOST/linsrv.domain.local@DOMAIN.LOCAL (arcfour-hmac)
   1 2013-08-16 12:49:52 LINSRV$@DOMAIN.LOCAL (arcfour-hmac)
   1 2013-08-16 12:49:52 HOST/linsrv@DOMAIN.LOCAL (aes128-cts-hmac-sha1-96)
   1 2013-08-16 12:49:52 HOST/linsrv.domain.local@DOMAIN.LOCAL (aes128-cts-hmac-sha1-96)
   1 2013-08-16 12:49:52 LINSRV$@DOMAIN.LOCAL (aes128-cts-hmac-sha1-96)
   1 2013-08-16 12:49:52 HOST/linsrv@DOMAIN.LOCAL (aes256-cts-hmac-sha1-96)
   1 2013-08-16 12:49:52 HOST/linsrv.domain.local@DOMAIN.LOCAL (aes256-cts-hmac-sha1-96)
   1 2013-08-16 12:49:52 LINSRV$@DOMAIN.LOCAL (aes256-cts-hmac-sha1-96)


On 2013-09-05 18:07, Burgess, Adam wrote:
> They will likely be different entries with different kvno and encryption type combinations.  Not sure what syntax your klist uses but -e option may give you the encryption type output for example.
>
>
> Adam
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Thomas Zeitinger
> Sent: 05 September 2013 16:42
> To: samba at lists.samba.org
> Subject: Re: [Samba] dns update failt (kerberos)
>
> Hey!
>
> I found another interesting fact:
>
> samba_dnsupdate --verbose --all-names -d 10
>
> shows me:
>
> [...]
> privateKeytab: secrets.keytab
> [...]
>
> So I tried
>
> root@linsrv:~# klist -t -k /usr/local/samba/private/secrets.keytab
> Keytab name: FILE:/usr/local/samba/private/secrets.keytab
> KVNO Timestamp           Principal
> ---- ------------------- ------------------------------------------------------
>    1 2013-08-16 12:49:52 HOST/linsrv@DOMAIN.LOCAL
>    1 2013-08-16 12:49:52 HOST/linsrv.domain.local@DOMAIN.LOCAL
>    1 2013-08-16 12:49:52 LINSRV$@DOMAIN.LOCAL
>    1 2013-08-16 12:49:52 HOST/linsrv@DOMAIN.LOCAL
>    1 2013-08-16 12:49:52 HOST/linsrv.domain.local@DOMAIN.LOCAL
>    1 2013-08-16 12:49:52 LINSRV$@DOMAIN.LOCAL
>    1 2013-08-16 12:49:52 HOST/linsrv@DOMAIN.LOCAL
>    1 2013-08-16 12:49:52 HOST/linsrv.domain.local@DOMAIN.LOCAL
>    1 2013-08-16 12:49:52 LINSRV$@DOMAIN.LOCAL
>    1 2013-08-16 12:49:52 HOST/linsrv@DOMAIN.LOCAL
>    1 2013-08-16 12:49:52 HOST/linsrv.domain.local@DOMAIN.LOCAL
>    1 2013-08-16 12:49:52 LINSRV$@DOMAIN.LOCAL
>    1 2013-08-16 12:49:52 HOST/linsrv@DOMAIN.LOCAL
>    1 2013-08-16 12:49:52 HOST/linsrv.domain.local@DOMAIN.LOCAL
>    1 2013-08-16 12:49:52 LINSRV$@DOMAIN.LOCAL
>
>
> Is it a problem that the host is 5 times in the secret.keytab?
>
> How can I verify that?

-- 
Thomas Zeitinger
Kundenbetreuung

IT-Quadrat   EDV Dienstleistungs- und Handels GmbH
Krongasse 8/2 A-1050 Wien
Tel: +43 (1) 311 44 00 - 10
Fax: +43 (1) 311 44 00 - 90
Thomas.Zeitinger at it2.at
www.it2.at

FN 287345t
UID ATU63123113
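
The check discussed in the message above, that each keytab row is a separate key for one principal, kvno and encryption type, can be done mechanically. The following Python is an added example, not part of the original thread or of Samba: it parses `klist -e -t -k` output, groups keys by principal and kvno, and reports exact duplicates and single-DES/RC4 keys. The sample text is constructed, and the names `parse_keytab_listing`, `audit` and `LEGACY` are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the klist -e -t -k output quoted in this
# thread; the two identical kvno 2 rows are added to show a real duplicate.
SAMPLE = """\
Keytab name: FILE:/usr/local/samba/private/secrets.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   1 2013-08-16 12:49:52 HOST/linsrv@DOMAIN.LOCAL (des-cbc-crc)
   1 2013-08-16 12:49:52 LINSRV$@DOMAIN.LOCAL (des-cbc-crc)
   1 2013-08-16 12:49:52 HOST/linsrv@DOMAIN.LOCAL (arcfour-hmac)
   1 2013-08-16 12:49:52 LINSRV$@DOMAIN.LOCAL (arcfour-hmac)
   1 2013-08-16 12:49:52 HOST/linsrv@DOMAIN.LOCAL (aes256-cts-hmac-sha1-96)
   1 2013-08-16 12:49:52 LINSRV$@DOMAIN.LOCAL (aes256-cts-hmac-sha1-96)
   2 2013-09-01 09:00:00 LINSRV$@DOMAIN.LOCAL (aes256-cts-hmac-sha1-96)
   2 2013-09-01 09:00:00 LINSRV$@DOMAIN.LOCAL (aes256-cts-hmac-sha1-96)
"""

# kvno, optional timestamp, principal, enctype in parentheses. A "DEPRECATED:"
# prefix inside the parentheses is tolerated and dropped.
ENTRY = re.compile(
    r"^\s*(\d+)\s+(?:.*?\s)?(\S+@\S+)\s+\((?:DEPRECATED:)?([^)]+)\)\s*$")

# Assumption of this example: single-DES and RC4 are the enctypes to flag.
LEGACY = {"des-cbc-crc", "des-cbc-md5", "arcfour-hmac"}

def parse_keytab_listing(text):
    """Return {(principal, kvno): [enctype, ...]} for every key row."""
    keys = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:  # header, separator and blank lines do not match
            keys[(m.group(2), int(m.group(1)))].append(m.group(3))
    return dict(keys)

def audit(keys):
    """Report exact duplicate keys and keys that use a legacy enctype."""
    report = {"duplicates": [], "legacy": []}
    for (principal, kvno), enctypes in sorted(keys.items()):
        for enctype in sorted(set(enctypes)):
            if enctypes.count(enctype) > 1:
                report["duplicates"].append((principal, kvno, enctype))
            if enctype in LEGACY:
                report["legacy"].append((principal, kvno, enctype))
    return report

if __name__ == "__main__":
    for kind, rows in audit(parse_keytab_listing(SAMPLE)).items():
        for principal, kvno, enctype in rows:
            print(f"{kind}: {principal} kvno={kvno} {enctype}")
```

A principal that appears once per enctype at the same kvno, as in the listing in this thread, produces no `duplicates` rows; only a repeated (principal, kvno, enctype) triple does.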



