[Samba] Fwd: Re: Samba 4 & Smart card logon
charalampos.anargyrou at gmail.com
Tue Jul 3 08:50:55 MDT 2012
I still have no clue what's going on.
In my attempt to find out what's happening, I found out I haven't done
neither 4.23.1 nor 4.23.2 in the Heimdal guide (
So I tried 4.23.2 i.e.:
kadmin modify --pkinit-acl="CN=myuser,O=mycompany,C=GR"
myuser at SERVER.CENTOSDOMAIN
and I received this error:
kadmin: invalid option -- '-'
I then tried to do:
to get into interactive mode so I can issue the modify command but I
receive this error:
Authenticating as principal Administrator/admin at SERVER.CENTOSDOMAIN with
kadmin: Client not found in Kerberos database while initializing kadmin
I was puzzled with the Administrator/admin so next I tried:
kadmin -p Administrator at SERVER.CENTOSDOMAIN
with yet another error:
Authenticating as principal Administrator at SERVER.CENTOSDOMAIN with password.
kadmin: Database error! Required KADM5 principal missing while
initializing kadmin interface
I also tried enabling debugging by using the instructions in
but I don't see any error messages
1) How can I enable debugging? I'm on CentOS 6.2
2) According to the above, does it look like my installation is broken?
Or is there something I am missing?
-------- Original Message --------
Subject: Re: [Samba] Samba 4 & Smart card logon
Date: Tue, 03 Jul 2012 13:49:06 +0300
From: Charalampos Anargyrou <charalampos.anargyrou at gmail.com>
To: Andrew Bartlett <abartlet at samba.org>
CC: samba at lists.samba.org
Which certificate you mean?
myuser.pem or the Kerberos certificate?
On 7/3/12 12:56 PM, Andrew Bartlett wrote:
> On Tue, 2012-07-03 at 12:25 +0300, Charalampos Anargyrou wrote:
>> Hello Andrew,
>> Thanks for your reply.
>> Yes I could fill in the wiki if I manage to make it work :-)
>> I'm trying to test the Kerberos configuration with the certificates I
>> have created
>> I'm getting this error:
>> samba4kinit: krb5_pk_enterprise_certs: Failed to find PKINIT
>> certificate: Certificate not found
>> using this command:
>> samba4kinit --pk-user=FILE:/home/myuser/Downloads/myuser.pem --pk-enterprise
>> Does the error mean my certificates are wrong or does it mean I have not
>> configured kerberos properly?
> My guess is that the client running samba4kinit isn't finding the
> certificate correctly.
More information about the samba