kvno failed with recent samba4

Matthieu Patou mat+Informatique.Samba at matws.net
Sat Feb 7 13:34:59 GMT 2009


Hello love,

In fact my question was more: why the same command works quietly against 
a Windows 2003 AD and fail against a fairly recent samba4.

And sorry to ask a stupid question but how should I try the service name 
with ldap/, I tried sevral ones without success.

Matthieu.
On 02/07/2009 03:44 PM, Love Hörnquist Åstrand wrote:
>
>
> Skickat från min iPhone
>
> 7 feb 2009 kl. 06.54 skrev Matthieu Patou 
> <mat+Informatique.Samba at matws.net>:
>
>> Dear all,
>>
>> I was trying to generate a keytab for a user and when I tried to get the
>> kvno for this user
>> I got:
>>
>> test:/usr/local/samba/private# kvno user_tst
>> user_tst at SMB4.TST: KDC policy rejects request while getting credential
>>
>>
>> And in the logs :
>>
>> Kerberos: TGS-REQ user_tst at SMB4.TST from 192.168.99.2 for
>> user_tst at SMB4.TST [canonicalize]
>> Kerberos: Principal may not act as server -- user_tst at SMB4.TST
>> Kerberos: Failed building TGS-REP to 192.168.99.2
>> Kerberos: TGS-REQ user_tst at SMB4.TST from 192.168.99.2 for 
>> user_tst at SMB4.TST
>> Kerberos: Principal may not act as server -- user_tst at SMB4.TST
>
> As the log say, entry doesn't have the bit to be allowed to be acting 
> as a server. Do kvno to a service instead, like ldap/....
>
>>
>> Kerberos: Failed building TGS-REP to 192.168.99.2
>>
>> The previous kinit worked.
>> Any idea of the problem ?
>> Matthieu.



More information about the samba-technical mailing list