samba4 keytab management

srikumar108 at aol.com srikumar108 at aol.com
Sun Aug 29 14:17:00 MDT 2010


> I'm not 100% sure that you need to specify the @REALM but it 
shouldn't annoy.

Tried with and without, as per your suggestion.

> Well there is a simple way to check that your keytab is correct:

> kinit -k -t the-keytab ssh (you need to recreate a keytab for the 
ssh at REALM principal).

I just tried it. The error I get is:

kinit: Key table entry not found while getting initial credentials

So clearly, I am missing a crucial step. I did outline the steps I 
followed in my previous message. Is there anything else I should try? 
samba4 is working properly otherwise. I can join from Windows XP and 
Windows 7. File sharing, GPO, roaming profile, folder redirection, all 
work.

I forgot to mention, I am running samba4 on Ubuntu Lucid (10.04). Could 
that be a problem? I should also add that I replaced the mit-kerberos 
package with heimdal client and adjusted ktpass accordingly (to account 
for the differences in ktutil command). ktpass successfully generated a 
keytab, but the same problem as above.

> On host with samba3 net ads keytab is the easiest way to do.

I am familiar with that command, but I was hoping to find a solution on 
the samba4 host itself.


More information about the samba-technical mailing list