[Samba] Samba 4 and GSSAPI kerberos ldap connect
steve
steve at steve-ss.com
Thu Jan 19 12:00:22 MST 2012
On 19/01/12 19:11, steve wrote:
> http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#badpass
>
> I'm working as client and host on the same box here. Could this be the
> cause of the
> Decrypt integrity check failed
> ??
>
> Cheers
> Steve
Just to confirm:
samba-tool spn delete host
samba-tool spn add ldap/hh3.site host-account
samba-tool domain exportkeytab /etc/ldap.keytab --principal=ldap/hh3.site
kinit host-account
chmod 0644 /tmp/krb500_0
rcnslcd restart
samba gives:
ldb_wrap open of secrets.ldb
Kerberos: TGS-REQ host-account at HH3.SITE from ipv4:192.168.1.3:37883 for
ldap/hh3.site at HH3.SITE [canonicalize, renewable]
Kerberos: TGS-REQ authtime: 2012-01-19T19:49:59 starttime:
2012-01-19T19:51:33 endtime: 2012-01-20T05:49:59 renew till:
2012-01-20T19:49:55
GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see
text): Decrypt integrity check failed
Terminating connection - 'ldapsrv_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
The key in the keytab is not the same as the key in the KDC.
Why???
If we can answer that, we're there.
Cheers,
Steve