kvno failed with recent samba4

Love Hörnquist Åstrand lha at kth.se
Sat Feb 7 12:44:43 GMT 2009



Skickat från min iPhone

7 feb 2009 kl. 06.54 skrev Matthieu Patou <mat+Informatique.Samba at matws.net 
 >:

> Dear all,
>
> I was trying to generate a keytab for a user and when I tried to get  
> the
> kvno for this user
> I got:
>
> test:/usr/local/samba/private# kvno user_tst
> user_tst at SMB4.TST: KDC policy rejects request while getting credential
>
>
> And in the logs :
>
> Kerberos: TGS-REQ user_tst at SMB4.TST from 192.168.99.2 for
> user_tst at SMB4.TST [canonicalize]
> Kerberos: Principal may not act as server -- user_tst at SMB4.TST
> Kerberos: Failed building TGS-REP to 192.168.99.2
> Kerberos: TGS-REQ user_tst at SMB4.TST from 192.168.99.2 for user_tst at SMB4.TST
> Kerberos: Principal may not act as server -- user_tst at SMB4.TST

As the log say, entry doesn't have the bit to be allowed to be acting  
as a server. Do kvno to a service instead, like ldap/....

>
> Kerberos: Failed building TGS-REP to 192.168.99.2
>
> The previous kinit worked.
> Any idea of the problem ?
> Matthieu.


More information about the samba-technical mailing list