[Samba] generate keytab

Clodonil Trigo clodonil at nisled.org
Thu Jan 24 07:14:47 MST 2013 

Hello Friends,

keep trying to generate the keytab. Run these commands, most believe that
the problem is the encryption methods.

$ Samba-tool user create http-user --random-password
$ Samba-tool spn add HTTP/www.nisled.org  http-user
$ Samba-tool domain exportkeytab --principal=HTTP/www.nisled.org http.keytab

The output of the command klist

$ Klist-ke http.keytab
Keytab name: WRFILE: http.keytab
KVNO Home
--------------------------------------------------
----------------------------
    1 HTTP/www.nisled.org at NISLED.ORG (des-cbc-crc)
    1 HTTP/www.nisled.org at NISLED.ORG (des-cbc-md5)
    1 HTTP/www.nisled.org at NISLED.ORG (arcfour-hmac)

kinit command output

$ kinit -k -t http.keytab http-user

kinit: Key table entry not found while getting initial credentials

Can anyone help me?

Prof. Msc. Clodonil H. Trigo
www.nisled.org
E-mail: clodonil at nisled.org

Classificação: () Confidencial (X) Interna
As informações contidas nesta mensagem e respectivos anexos são de
interesse exclusivo a quem foram dirigidos, podendo ser confidenciais,
portanto fica proibida sua retenção, distribuição, divulgação, reprodução
ou utilização, sob as penas da lei. Caso tenha recebido esta mensagem por
engano, pedimos a gentileza de informar ao seu autor, eliminando-a de sua
caixa de entrada, registros ou sistema de controle.


2012/12/22 Andrew Bartlett <abartlet at samba.org>

> On Thu, 2012-12-20 at 14:44 -0200, Clodonil Trigo wrote:
> > Hi Kleb Valoshka,
> >
> > thereby I did.
> >
> > $ samba-tool user add proxy-user
> > $ samba-tool user setexpiry proxy-user -noexpiry
> > $ samba-tool spn add http/proxy-user proxy.nisled.org
> > $ samba-tool spn add http/proxy.nisled.org proxy-user
> >
> > does not work,
> >
> > Clodonil
> >
> >
> >
> > 2012/12/20 Hleb Valoshka <375gnu at gmail.com>
> >
> > > On 12/20/12, Clodonil Trigo <clodonil at nisled.org> wrote:
> > > > $ samba-tool user add proxy-user
> > > > $ samba-tool user setexpiry proxy-user -noexpiry
> > > > $ samba-tool spn add http/proxy-user proxy.nisled.org
> > >
> > > Find the difference:
> > >
> > > samba-tool spn add http/proxy.nisled.org proxy-user
> > >
> > > > $ samba-tool domain exportkeytab /etc/proxy.keytab --principal=http/
> > > > proxy.nisled.org
>
> At this point some idea of the errors you got where it 'does not work'
> would be helpful, as would the output of ktlist on the generated keytab:
>
> ktutil
> rkt /etc/proxy.keytab
> list
>
> Thanks,
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
>
>
>

More information about the samba mailing list