[Samba] Bizzare behaviour of Samba+ADS - help needed

Don McCall donmccall1 at yahoo.com
Tue Mar 20 13:39:23 GMT 2007 

Hi Robert,
you may temporarily need to add the following line to your krb5.conf file under [libdefaults] section, while you run the net ads keytab create:

default_keytab_name="WRFILE:/etc/krb5.keytab"

After you generate the keytab file, you can remove this line.
hope it helps,
Don



----- Original Message ----
From: Robert Bannocks <R.Bannocks at nhm.ac.uk>
To: samba at lists.samba.org
Sent: Tuesday, March 20, 2007 7:48:42 AM
Subject: [Samba] Bizzare behaviour of Samba+ADS - help needed


I have samba+ads working fine *HOWEVER* when I run net ads keytab create
it fails.

Using -d 10 the debug output says it cannot write to the file.  This is
truly bizarre as I am running this as root!

e.g.

# /usr/local/opt/samba/samba-3.0.24/bin/net ads keytab create ; echo $?
183

And 

/usr/local/opt/samba/samba-3.0.24/bin/net -d 10 ads keytab create ; echo
$?

Gives
[..snip..]
  ads_get_kvno: Error Determining KVNO!
[2007/03/20 11:45:43, 3] libads/ldap.c:ads_get_kvno(1348)
  ads_get_kvno: Windows 2000 does not support KVNO's, so this may be
normal.
[2007/03/20 11:45:43, 3]
libads/kerberos_keytab.c:smb_krb5_kt_add_entry(184)
  ads_keytab_add_entry: adding keytab entry for
(host/host.nhm.ac.uk at NHM.AC.UK) with encryption type (1) and version (0)
[2007/03/20 11:45:43, 1]
libads/kerberos_keytab.c:smb_krb5_kt_add_entry(189)
  ads_keytab_add_entry: adding entry to keytab failed (Cannot write to
specified key table)
[2007/03/20 11:45:43, 1]
libads/kerberos_keytab.c:ads_keytab_add_entry(346)
  ads_keytab_add_entry: Failed to add entry to keytab file
[2007/03/20 11:45:43, 1]
libads/kerberos_keytab.c:ads_keytab_create_default(513)
  ads_keytab_create_default: ads_keytab_add_entry failed while adding
'host'.
[2007/03/20 11:45:43, 2] utils/net.c:main(988)
  return code = -1765328201
183

The default keytab would be /etc/krb5.keytab

Any help with this issue would be most appreciated.  All the obvious
thinks are fine, e.g. /etc/ *is* writable
The keytab file does not exist before creation (an in fact touching it
to a null file before running net ads create does not change the
behaviour either)

Regards,

RB
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


 
____________________________________________________________________________________
TV dinner still cooling? 
Check out "Tonight's Picks" on Yahoo! TV.
http://tv.yahoo.com/

More information about the samba mailing list