[Samba] Generating keytabs for other hosts

Damien Dye damien.dye at sondrel.com
Tue Jan 21 05:43:38 MST 2014 

Hi guys

am looking for some guidance on how I can generate some keytab files from a
samba 4 DC


I been following a tutorial that states some bits on the windows side such
as creating an spn

C:\Users\Administrator>setspn -A host/test.sondrel.com at SONDREL.COM Test
Registering ServicePrincipalNames for CN=Test,OU=Machines,DC=sondrel,DC=com
        host/envy.sondrel.com at SONDREL.COM
Updated object


but there is no ktpass on windows 7 so  I tried the ktpass.sh script that I
found reference to on the mailing list and I get this

 ./ktpass.sh --out envy.keytab --princ
host/test.sondrel.com at SONDREL.COM--host envy --pass * --enc rc4-hmac
Unable to find kvno for principal host/test.sondrel.com at SONDREL.COM
 check that you are authentified with kerberos

I have an active tgt on the DC.


whats the correct procedure to creating spn and keytabs purely form the
samba 4 DC as I can't see any detailed guidance on the wiki.

hope somebody will be able to enlighten me.

Regards





--

Damien Dye
 IT Manager
 *Sondrel Ltd*
 Sondrel House, Theale Lakes Business Park
Moulden Way, Sulhamstead, Berkshire, RG7 4GB, UK

Tel: +44(0)118 9838 550
www.sondrel.com

 [image: Sondrel] <http://www.sondrel.com/>

This e-mail and any attachments may be confidential or legally privileged.
If you are not the intended recipient, you should destroy the e-mail
message and any attachments, and inform us of the erroneous delivery by
return e-mail. You are prohibited from retaining, distributing, disclosing
or using any information contained herein. Internet communications cannot
be guaranteed to be timely, secure, error or virus-free. Sondrel Ltd and
the sender do not accept liability for any errors or omissions, nor do we
accept liability for the content of this email, or for the consequences of
any actions taken on the basis of the information provided, unless that
information is consequently confirmed in writing under the personal
signature of a duly authorised officer of Sondrel Ltd.

This email is sent on behalf of Sondrel Ltd registered in England with
number 4491953, registered office Sondrel House, Theale Lakes Business
Park, Moulden Way, Sulhamstead, Berkshire, RG7 4GB, UK.

More information about the samba mailing list