[Samba] failed to create kerberos keytab with samba-3.2.0 [solved (sort of)]

Marc-andré Labonté marc-andre.labonte at mail.mcgill.ca
Thu Jul 10 23:29:40 GMT 2008

Hi all,

I compiled samba-3.2.0 on a brand new machine and when i try to join the
domain, i get the following result:

bash-3.00# net ads join -U administrator
Enter administrator's password:
Failed to join domain: failed to create kerberos keytab

A keytab file is created as /etc/krb5.keytab as it should be

It does not seem to depend on the version of kerberos samba was linked
against, i tried with 1.5.3 and 1.6.3 .  If i set "use kerberos keytab =
no" in my smb.conf file, samba 3.2 is able to join the domain although
samba 3.0.x was working fine with "use kerberos keytab = yes".  I tried
this on 2 different machines both running solaris 10 update 5.

Strangely enough, when messing with different versions of samba,
kerberos and keytab files, i discovered a procedure to make it work.

1 - Compile and install samba-3.0.30
2 - join the domain
3 - delete the keytab file that has been created by the previous step
4 - compile and install samba-3.2.0
5 - join the domain

Than i tested with net ads testjoin, wbinfo -u, wbinfo -g, everything
seems fine.

Worked for me, has anyone else experienced this?

More information about the samba mailing list