samba4 keytab management
srikumar108 at aol.com
Sun Aug 29 09:28:46 MDT 2010
Hi Matthieu,
First of all it was not my intention to be rude, and I do appreciate
your help. I tried the steps you outlined. I did the following: on the
host running samba4:
# kinit administrator
# net user ssh
# net password set ssh <longstring>
# ldbedit -H sam.ldb cn=ssh [ and add 'serviceprincipalname: host/<fqdn>@REALM' ]
# ktpass --out /etc/krb5.keytab --princ host/<fqdn>@REALM --pass <longstring>
The command finishes without error and a keytab with 'host/xyz@REALM'
is created. But, when I try to ssh to the samba4 box, I get prompted
for a password, and even typing the correct password does not let me in.
I do get a ticket on the host that looks like 'host/xyz@REALM' but it
does no good. The error message from sshd is "Wrong principal". In fact
until I remove the keytab, no form of authentication works, not even
local login!
Clearly, ktpass is creating something that no program on the samba4 box
likes :-) BTW, I have joined a Mac to the samba4 domain, and samba3 on
the mac automatically created a keytab with the correct entry. I can
ssh into the mac with GSSAPI without any problem.
Please let me know if I can give you more information.
Thanks!
-----Original Message-----
From: Matthieu Patou <mat at samba.org>
To: srikumar108 at aol.com
Cc: samba-technical at lists.samba.org
Sent: Sun, Aug 29, 2010 6:22 am
Subject: Re: samba4 keytab management
> Well it works on my workstation so be sure of your assertions ... :-)
> First it's not very polite and then it's not true.
> ...
> So please do try the ktpass.sh solution that I proposed because it works