[Samba] latest Samba 4 does not look in keytab

Gémes Géza geza at kzsdabas.hu
Fri Feb 10 11:24:30 MST 2012


2012-02-10 17:58 keltezéssel, steve írta:
> Hi
> After upgrading to
> Version 4.0.0alpha18-GIT-24ed8c5 on Ubuntu 11.10, Samba 4 no longer
> looks in the keytab for my nfs server entry:
>
> mount -t nfs4 foo bar --o sec=krb5
> Kerberos: AS-REQ nfs/hh3.hh3.site at HH3.SITE from ipv4:192.168.1.3:53213
> for krbtgt/HH3.SITE at HH3.SITE
> Kerberos: UNKNOWN -- nfs/hh3.hh3.site at HH3.SITE: no such entry found in
> hdb
>
> The nfs entry is in the keytab:
> klist -ke /etc/krb5.keytab
> Keytab name: WRFILE:/etc/krb5.keytab
> KVNO Principal
> ----
> --------------------------------------------------------------------------
>    1 nfs/hh3.hh3.site at HH3.SITE (des-cbc-crc)
>    1 nfs/hh3.hh3.site at HH3.SITE (des-cbc-md5)
>    1 nfs/hh3.hh3.site at HH3.SITE (arcfour-hmac)
>
> How do I tell this new version to look in the keytab? or,
> How do I add the nfs internally?
> Thanks,
> Steve
>
Hi,

First some basics, sorry if it is boring ;-)

/etc/krb5.keytab is the "password file" your nfs service is using in
order to be able to authenticate itself with samba4's kerberos service;
it could be on a completely different machine and would work in the same
way.

Samba4 stores the same "password" in its internal database (ldb) and
when connected it looks it up there.

Now back on your situation:
Have you re-provisioned after upgrade?
If yes you need to recreate the principal and the spn for nfs, and
reexport the keytab for it.
If not you may need to do an upgradeprovision in order to apply the
expected directory changes.

Good Luck!

Geza


More information about the samba mailing list