Fri Aug 20 08:29:19 MDT 2010
Kerberos: TGS-REQ foo at MYNET.COM from ipv4:192.168.1.13:63462 for
host/laxmi.nyccnet.com at MYNET.COM [canonicalize, renewable, proxiable,
Kerberos: Searching referral for laxmi.mynet.com
Kerberos: Server not found in database:
host/laxmi.mynet.com at MYNET.COM: no such entry found in hdb
Kerberos: Failed building TGS-REP to ipv4:192.168.1.13:63462
And until I get rid of the offending keytab, even pam authentication
does not work. Is 'host/f.q.d.n' a special case in samba4? You said
that ktpass worlks for you, can you also get a host/* keytab? Or have
you only tried other principals?
As usual, any help will be appreciated.
> Do you change the forest/domain level of your samba4 ? if not did you
> specified =A0any level information on provision ?
> It could be worth to dig this pb but in the short time I suggest to set
> this in your /etc/krb5.conf:
> default_tgs_enctypes =3D =A0rc4-hmac des3-cbc-sha1 arcfour-hmac des-cbc-m=
> default_tkt_enctypes =3D =A0rc4-hmac des3-cbc-sha1 arcfour-hmac des-cbc-m=
> in the [libdefaults] section
> Then retry your kinit.
> In case I forget to tell you: I retried this week ktpass.sh and it just
> works on my setup, I was able to generate keytabs for the http kerberos
> authentification so if you have a pb it's either because you didn't type
> the password correctly or because the problem is somewhere else.
More information about the samba-technical