samba4 keytab management
srikumar108 at aol.com
Sat Sep 4 17:28:05 MDT 2010
Mathieu,
Thanks for your response.
>
> I looked at the ssh user through ADUC, and the ssh a/c is not locked or expired.
Yeah, but we need to be sure that you can get a ticket; runas /user:DOMAIN\user cmd is also an option in Windows.
> After getting a new keytab and trying to kinit, I am getting the message:
> kinit: KDC has no support for encryption type while getting initial credentials
> From samba.log:
> Kerberos: No client key matching pa-data (aes256-cts-hmac-sha1-96) -- ssh at MYNET.COM
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Well that's obvious: you do not have an AES key for the user, which can be quite logical.
Did you change the forest/domain level of your samba4? If not, did you specify any level information on provision?
I am now running samba with a fresh provision. The provision command was:
provision --domain=NYCCNET --realm=nyccnet.com --host-name=laxmi --host-ip=192.168.1.1 \
--adminpass=Adhikar1 --server-role=dc
It could be worth digging into this problem, but in the short term I suggest setting this in your /etc/krb5.conf:
default_tgs_enctypes = rc4-hmac des3-cbc-sha1 arcfour-hmac des-cbc-md5 des-cbc-crc
default_tkt_enctypes = rc4-hmac des3-cbc-sha1 arcfour-hmac des-cbc-md5 des-cbc-crc
in the [libdefaults] section
OK, I tried that:
# kinit -k -t imap.keytab imap
kinit: Key table entry not found while getting initial credentials
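
To see which principals and encryption types a keytab actually holds, and whether any of them is allowed by an enctype list like the one suggested above, the following Python sketch parses the keytab file format (version 0x0502) without printing key material. It is an added example, not part of the original message or of Samba; `parse_keytab`, `diagnose` and the `EXAMPLE.TEST` sample are assumed names, and the sample keytab is constructed.

```python
import struct

ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
            17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
            23: "rc4-hmac"}

def _counted(buf, pos):  # uint16 length, then that many bytes
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n].decode(), pos + 2 + n

def parse_keytab(data):  # -> [(principal, kvno, enctype name)]
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                     # hole left by a deleted entry
            pos -= size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = _counted(data, pos + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            comps.append(comp)
        p += 8                            # skip name type and timestamp
        kvno, etype, klen = struct.unpack_from(">BHH", data, p)
        p += 5 + klen                     # key bytes are skipped, never stored
        if end - p >= 4:                  # optional 32-bit kvno wins
            (kvno,) = struct.unpack_from(">I", data, p)
        name = "/".join(comps) + "@" + realm
        entries.append((name, kvno, ENCTYPES.get(etype, str(etype))))
        pos = end
    return entries

def diagnose(entries, principal, permitted):
    # arcfour-hmac and rc4-hmac are two names for enctype 23
    allowed = {e.replace("arcfour-hmac", "rc4-hmac") for e in permitted.split()}
    mine = [e for e in entries if e[0] == principal]
    if not mine:
        return "no entry for " + principal
    usable = sorted({e[2] for e in mine if e[2] in allowed})
    return "usable: " + ", ".join(usable) if usable else "no permitted enctype"

# Constructed sample: one aes256 entry for ssh@EXAMPLE.TEST, all-zero key
SAMPLE = (b"\x05\x02" + struct.pack(">iHH", 66, 1, 12) + b"EXAMPLE.TEST\x00\x03ssh"
          + struct.pack(">IIBHH", 1, 0, 1, 18, 32) + bytes(32))
```

The principal passed to `diagnose` must include the realm exactly as stored, since a realm or case mismatch is reported the same way as a missing entry.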