kvno failed with recent samba4
Love Hörnquist Åstrand
lha at kth.se
Sat Feb 7 12:44:43 GMT 2009
Skickat från min iPhone
7 feb 2009 kl. 06.54 skrev Matthieu Patou <mat+Informatique.Samba at matws.net
>:
> Dear all,
>
> I was trying to generate a keytab for a user and when I tried to get
> the
> kvno for this user
> I got:
>
> test:/usr/local/samba/private# kvno user_tst
> user_tst at SMB4.TST: KDC policy rejects request while getting credential
>
>
> And in the logs :
>
> Kerberos: TGS-REQ user_tst at SMB4.TST from 192.168.99.2 for
> user_tst at SMB4.TST [canonicalize]
> Kerberos: Principal may not act as server -- user_tst at SMB4.TST
> Kerberos: Failed building TGS-REP to 192.168.99.2
> Kerberos: TGS-REQ user_tst at SMB4.TST from 192.168.99.2 for user_tst at SMB4.TST
> Kerberos: Principal may not act as server -- user_tst at SMB4.TST
As the log say, entry doesn't have the bit to be allowed to be acting
as a server. Do kvno to a service instead, like ldap/....
>
> Kerberos: Failed building TGS-REP to 192.168.99.2
>
> The previous kinit worked.
> Any idea of the problem ?
> Matthieu.
More information about the samba-technical
mailing list