regenerating secrets.keytab

Matthieu Patou mat at samba.org
Sat Sep 4 14:17:15 MDT 2010


On 03/09/2010 17:25, Aaron Solochek wrote:
> On 09/03/2010 01:11 AM, Matthieu Patou wrote:
>>
>> "Andrew Bartlett"<abartlet at samba.org>  wrote:
>>
>>> On Thu, 2010-09-02 at 18:17 -0400, Aaron Solochek wrote:
>>>> On 09/02/2010 06:11 PM, Andrew Bartlett wrote:
>>>>> On Thu, 2010-09-02 at 18:02 -0400, Aaron Solochek wrote:
>>>>>> On 09/02/2010 05:12 PM, Andrew Bartlett wrote:
>>>>>>> On Thu, 2010-09-02 at 16:29 -0400, Aaron Solochek wrote:
>>>>>>>> I'm not sure how, but my secrets.keytab is messed up.  My PDC running
>>>>>>>> samba4 is named FOO, and secrets.keytab contains 4 keys for FOO with
>>>>>>>> kvno 1.  When I run samba with -d1, I was seeing this:
>>>>>>>>
>>>>>>>>   Failed to find FOO$@BAR.COM(kvno 6) in keytab
>>>>>>>> FILE:/usr/local/samba/private/secrets.keytab (arcfour-hmac-md5)
>>>>>>>>
>>>>>>>> Since I couldn't figure out how to make the keytab and ldb agree, I
>>>>>>>> hacked the keytab to set kvno =6.  Unsurprisingly that doesn't result in
>>>>>>>> a valid keytab, so now I'm just getting decrypt integrity check errors.
>>>>>>>>
>>>>>>>> How can I fix this without wiping everything and starting over?
>>>>>>> I would run an upgradeprovision.  It will reset both passwords,
>>>>>>> hopefully getting everything right again in the process.
>>>>>>>
>>>>>>> We could potentially split out the password changing aspect of this into
>>>>>>> another helper script, or put in the periodic password changing, but for
>>>>>>> now that's the best option.
>>>>>>>
>>>>>> This sounds good, however, I am getting these errors:
>>>>>>
>>>>>> A transaction is still active in ldb context [0x2968680] on
>>>>>> /usr/local/samba/private/sam.ldb
>>>>>> A transaction is still active in ldb context [0x3d74120] on
>>>>>> /usr/local/samba/private/idmap.ldb
>>>>>> A transaction is still active in ldb context [0x3023060] on
>>>>>> /usr/local/samba/private/secrets.ldb
>>>>>> A transaction is still active in ldb context [0x40ce300] on
>>>>>> /usr/local/samba/private/privilege.ldb
>>>>>>
>> This is sent by upgradeprovision when something really unexpected happened ... send the full output.
>
> That was the full output.  I turned on debugging and the problem was that it was:
>
> IOError: [Errno 2] No such file or directory:
> '/usr/share/samba/setup/provision.smb.conf.dc'
>
> indeed, my setup was located at the default /usr/local/samba/share/setup
>
I don't know how you started upgradeprovision, but using it without 
parameters makes upgradeprovision search for the default smb.conf at
/usr/local/samba/etc/smb.conf. So you might have had a smb.conf at this 
location that was pointing to /usr/share/samba/setup/provision.smb.conf.dc.


Also, the default is /usr/local/samba. I don't know how you got your 
default, but it seems not 100% OK.

Matthieu.

-- 
Matthieu Patou
Samba Team        http://samba.org
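
A read-only check for the mismatch reported at the start of this thread (keytab holds kvno 1 for FOO$@BAR.COM while the server looks for kvno 6), as an added example that is not part of the original messages or of Samba's code. It assumes the keytab uses the MIT/Heimdal file format version 0x0502; the helper names and the sample data are constructed for illustration.

```python
import struct

ARCFOUR_HMAC_MD5 = 23  # enctype number of arcfour-hmac-md5
def _counted(b):
    return struct.pack(">H", len(b)) + b

def build_entry(realm, components, kvno, enctype, key):
    """Build one keytab record; used only to make the constructed sample."""
    body = struct.pack(">H", len(components)) + _counted(realm)
    body += b"".join(_counted(c) for c in components)
    body += struct.pack(">IIB", 1, 0, kvno & 0xFF)  # name type, timestamp, 8-bit kvno
    body += struct.pack(">H", enctype) + _counted(key)
    body += struct.pack(">I", kvno)                 # optional 32-bit kvno
    return struct.pack(">i", len(body)) + body

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("unsupported keytab version")
    out, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos); pos += 4
        if size <= 0:                 # negative size marks a deleted slot
            pos += -size
            continue
        rec, p = data[pos:pos + size], 0
        pos += size
        def take():                   # read one length-prefixed field
            nonlocal p
            (n,) = struct.unpack_from(">H", rec, p)
            p += 2 + n
            return rec[p - n:p]
        (ncomp,) = struct.unpack_from(">H", rec, p); p += 2
        realm = take()
        name = b"/".join(take() for _ in range(ncomp))
        p += 8                        # skip name type and timestamp
        kvno = rec[p]; p += 1
        (enctype,) = struct.unpack_from(">H", rec, p); p += 2
        take()                        # key bytes: skipped, never returned
        if len(rec) - p >= 4:         # non-zero 32-bit kvno overrides the 8-bit one
            kvno = struct.unpack_from(">I", rec, p)[0] or kvno
        out.append(((name + b"@" + realm).decode(), kvno, enctype))
    return out

def missing_kvno(entries, principal, wanted, enctype):
    return (principal, wanted, enctype) not in entries  # True: no usable key

# Constructed sample mirroring the report: the keytab only holds kvno 1.
SAMPLE = b"\x05\x02" + build_entry(b"BAR.COM", [b"FOO$"], 1, ARCFOUR_HMAC_MD5, b"\x00" * 16)
```

To inspect a real file, pass `open(path, "rb").read()` to `parse_keytab`; only principal, kvno and enctype are returned, so key material is not exposed in the output.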
