[Samba] Fwd: Re: Samba 4 & Smart card logon

Andrew Bartlett abartlet at samba.org
Tue Jul 3 17:39:50 MDT 2012


On Tue, 2012-07-03 at 17:50 +0300, Charalampos Anargyrou wrote:
> I still have no clue what's going on.
> 
> In my attempt to find out what's happening, I found out I have done 
> neither 4.23.1 nor 4.23.2 in the Heimdal guide ( 
> http://www.h5l.org/manual/HEAD/info/heimdal/Setting-up-PK_002dINIT.html )
> So I tried 4.23.2 i.e.:
> 
> kadmin modify --pkinit-acl="CN=myuser,O=mycompany,C=GR" myuser@SERVER.CENTOSDOMAIN
> 
> and I received this error:
> 
> kadmin: invalid option -- '-'
> 
> 
> I then tried to do:
> 
> kadmin
> 
> to get into interactive mode so I can issue the modify command but I 
> receive this error:
> 
> Authenticating as principal Administrator/admin@SERVER.CENTOSDOMAIN with password.
> kadmin: Client not found in Kerberos database while initializing kadmin interface
> 
> I was puzzled with the Administrator/admin so next I tried:
> 
> kadmin -p Administrator@SERVER.CENTOSDOMAIN
> 
> with yet another error:
> 
> Authenticating as principal Administrator@SERVER.CENTOSDOMAIN with password.
> kadmin: Database error! Required KADM5 principal missing while initializing kadmin interface
> 
> 
> I also tried enabling debugging by using the instructions in 
> http://www.h5l.org/manual/HEAD/info/heimdal/Debugging-Kerberos-problems.html 
> but I don't see any error messages
> 
> 
> 1) How can I enable debugging? I'm on CentOS 6.2
> 2) According to the above, does it look like my installation is broken? 
> Or is there something I am missing?

You cannot use kadmin against Samba4 (we just don't expose the
interfaces needed, sorry), and the configuration we test in our selftest
doesn't need it.  This can all be done with just config file entries. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org


