samba4 keytab management
Matthieu Patou
mat at samba.org
Sun Aug 29 15:37:22 MDT 2010
On 30/08/2010 00:17, srikumar108 at aol.com wrote:
>> I'm not 100% sure that you need to specify the @REALM but it
> shouldn't annoy.
>
> Tried with and without, as per your suggestion.
>
>> Well there is a simple way to check that your keytab is correct:
>
>> kinit -k -t the-keytab ssh (you need to recreate a keytab for the
> ssh at REALM principal).
>
the samaccountname of this user is ssh right ? (the one you created with
net user)
have you tried that with kinit ssh at REALM you are able to get a ticket ?
> I just tried it. The error I get is:
>
> kinit: Key table entry not found while getting initial credentials
Can you send us the output of ktutil on this keytab ?
>
> So clearly, I am missing a crucial step. I did outline the steps I
> followed in my previous message. Is there anything else I should try?
> samba4 is working properly otherwise. I can join from Windows XP and
> Windows 7. File sharing, GPO, roaming profile, folder redirection, all
> work.
>
> I forgot to mention, I am running samba4 on Ubuntu Lucid (10.04).
> Could that be a problem? I should also add that I replaced the
> mit-kerberos package with heimdal client and adjusted ktpass
> accordingly (to account for the differences in ktutil command). ktpass
> successfully generated a keytab, but the same problem as above.
Well I'm pretty sure that you do something wrong most probably because
I'm not 100% clear, please send us detailed information with output of
commands.
if you don't want your REALM to be known just sed the result with
TEST.COM but real output will be very usefull if you want to have a full
support.
Matthieu.
Matthieu Patou
Samba Team http://samba.org
More information about the samba-technical
mailing list