[Samba] Fwd: Re: Samba 4 & Smart card logon
Charalampos Anargyrou
charalampos.anargyrou at gmail.com
Tue Jul 3 08:50:55 MDT 2012
I still have no clue what's going on.
In my attempt to find out what's happening, I found out I haven't done
neither 4.23.1 nor 4.23.2 in the Heimdal guide (
http://www.h5l.org/manual/HEAD/info/heimdal/Setting-up-PK_002dINIT.html )
So I tried 4.23.2 i.e.:
kadmin modify --pkinit-acl="CN=myuser,O=mycompany,C=GR"
myuser at SERVER.CENTOSDOMAIN
and I received this error:
kadmin: invalid option -- '-'
I then tried to do:
kadmin
to get into interactive mode so I can issue the modify command but I
receive this error:
Authenticating as principal Administrator/admin at SERVER.CENTOSDOMAIN with
password.
kadmin: Client not found in Kerberos database while initializing kadmin
interface
I was puzzled with the Administrator/admin so next I tried:
kadmin -p Administrator at SERVER.CENTOSDOMAIN
with yet another error:
Authenticating as principal Administrator at SERVER.CENTOSDOMAIN with password.
kadmin: Database error! Required KADM5 principal missing while
initializing kadmin interface
I also tried enabling debugging by using the instructions in
http://www.h5l.org/manual/HEAD/info/heimdal/Debugging-Kerberos-problems.html
but I don't see any error messages
1) How can I enable debugging? I'm on CentOS 6.2
2) According to the above, does it look like my installation is broken?
Or is there something I am missing?
Kind Regards,
Charalampos
-------- Original Message --------
Subject: Re: [Samba] Samba 4 & Smart card logon
Date: Tue, 03 Jul 2012 13:49:06 +0300
From: Charalampos Anargyrou <charalampos.anargyrou at gmail.com>
To: Andrew Bartlett <abartlet at samba.org>
CC: samba at lists.samba.org
Which certificate you mean?
myuser.pem or the Kerberos certificate?
On 7/3/12 12:56 PM, Andrew Bartlett wrote:
> On Tue, 2012-07-03 at 12:25 +0300, Charalampos Anargyrou wrote:
>> Hello Andrew,
>>
>> Thanks for your reply.
>>
>> Yes I could fill in the wiki if I manage to make it work :-)
>>
>>
>> I'm trying to test the Kerberos configuration with the certificates I
>> have created
>> I'm getting this error:
>>
>> samba4kinit: krb5_pk_enterprise_certs: Failed to find PKINIT
>> certificate: Certificate not found
>>
>> using this command:
>>
>> samba4kinit --pk-user=FILE:/home/myuser/Downloads/myuser.pem --pk-enterprise
>>
>>
>> Does the error mean my certificates are wrong or does it mean I have not
>> configured kerberos properly?
> My guess is that the client running samba4kinit isn't finding the
> certificate correctly.
>
More information about the samba
mailing list