net vampire - error

Aaron Solochek aarons-samba at aberrant.org
Mon Oct 18 07:53:17 MDT 2010 

On 10/18/2010 06:20 AM, Magnus_Benngård wrote:
> 
> 
> 1 problem solved, found out that in some way i had
> "msDS-SupportedEncryptionTypes: 0" in the sam.ldb for Administrator, (I
> have not placed it there), did remove it with: 
> 
> ./ldbedit -H /usr/local/samba/private/sam.ldb -e vi 
> 
> But still no luck with vampire :( 
> 
> On Mon, 18 Oct 2010 08:30:49 +0200, Magnus Benngård  wrote:  
> 
> delete of
> 'CN=FS-MLM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gbg,DC=inputinterior,DC=se'
> failed - (Unknown error) No such Base DN:
> CN=FS-MLM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gbg,DC=inputinterior,DC=se
> 
> But I found a very strange things on the "main server"...
> 
>  kinit Administrator at GBG.INPUTINTERIOR.SE
> Password for Administrator at GBG.INPUTINTERIOR.SE:
> kinit(v5): KDC has no support for encryption type while getting initial
> credentials
> 

I have seen this.  For whatever reason, on more than one occasion, I've seen
msDS-SupportedEncryptionTypes set to '0' on some accounts.  The symptom is that
error.  That property should actually be unset, not 0.  You can do this with
ADSI Edit, or the ldap editor of your choice.


> But it works for maben another account that i have created.
> 
> kinit maben at GBG.INPUTINTERIOR.SE
> Password for maben at GBG.INPUTINTERIOR.SE:
> klist
> Ticket cache:
> FILE:/tmp/krb5cc_0
> Default principal: maben at GBG.INPUTINTERIOR.SE
> 
> Valid starting Expires Service principal
> 10/18/10 07:56:44 10/19/10 07:56:36
> krbtgt/GBG.INPUTINTERIOR.SE at GBG.INPUTINTERIOR.SE
> 
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached 
> 
> I guess I have to figure out whats "broken" with the Administrator
> account
> before i continue with vampire operation. :(
> 
> On Sun, 17 Oct 2010 22:49:14 +0300, Kamen Mazdrashki wrote: 
> 
> It seems you already have entries for your new 'FS-MLM'machine in db.
> Could you try "unvampire" and then try again with 'net vampire' with
> big 'log level' (-d10)
> 
> You can 'unvampire' quick&dirty with following mini-script:
> ldbdel -H ldap://pdc.gbg.inputinterior.se
> "CN=FS-MLM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gbg,DC=inputinterior,DC=se"
> -r
> bin/ldbdel -H ldap://pdc.gbg.inputinterior.se "CN=FS-MLM,OU=Domain
> Controllers,DC=gbg,DC=inputinterior,DC=se" -r
> bin/ldbdel -H
> ldap://pdc.gbg.inputinterior.se
> "CN=FS-MLM,CN=Computers,DC=gbg,DC=inputinterior,DC=se" -r
>

More information about the samba-technical mailing list