No subject

Fri Aug 20 08:29:19 MDT 2010

Kerberos: TGS-REQ foo at MYNET.COM from ipv4: for
host/ at MYNET.COM [canonicalize, renewable, proxiable,
Kerberos: Searching referral for
Kerberos: Server not found in database:
host/ at MYNET.COM: no such entry found in hdb
Kerberos: Failed building TGS-REP to ipv4:

And until I get rid of the offending keytab, even pam authentication
does not work. Is 'host/f.q.d.n' a special case in samba4? You said
that ktpass worlks for you, can you also get a host/* keytab? Or have
you only tried other principals?

As usual, any help will be appreciated.


> Do you change the forest/domain level of your samba4 ? if not did you
> specified =A0any level information on provision ?
> It could be worth to dig this pb but in the short time I suggest to set
> this in your /etc/krb5.conf:
> default_tgs_enctypes =3D =A0rc4-hmac des3-cbc-sha1 arcfour-hmac des-cbc-m=
> des-cbc-crc
> default_tkt_enctypes =3D =A0rc4-hmac des3-cbc-sha1 arcfour-hmac des-cbc-m=
> des-cbc-crc
> in the [libdefaults] section
> Then retry your kinit.
> In case I forget to tell you: I retried this week and it just
> works on my setup, I was able to generate keytabs for the http kerberos
> authentification so if you have a pb it's either because you didn't type
> the password correctly or because the problem is somewhere else.
> Matthieu.

More information about the samba-technical mailing list