[Samba] generate keytab
Clodonil Trigo
clodonil at nisled.org
Thu Jan 24 09:53:40 MST 2013
Hi,
Looking dns.key he has more encryption options:
$ klist -ke dns.keytab
Keytab name: WRFILE:dns.keytab
KVNO Principal
----
--------------------------------------------------------------------------
1 DNS/smb4.nisled.org at NISLED.ORG (des-cbc-crc)
1 dns-smb4 at NISLED.ORG (des-cbc-crc)
1 DNS/smb4.nisled.org at NISLED.ORG (des-cbc-md5)
1 dns-smb4 at NISLED.ORG (des-cbc-md5)
1 DNS/smb4.nisled.org at NISLED.ORG (arcfour-hmac)
1 dns-smb4 at NISLED.ORG (arcfour-hmac)
1 DNS/smb4.nisled.org at NISLED.ORG (aes128-cts-hmac-sha1-96)
1 dns-smb4 at NISLED.ORG (aes128-cts-hmac-sha1-96)
1 DNS/smb4.nisled.org at NISLED.ORG (aes256-cts-hmac-sha1-96)
1 dns-smb4 at NISLED.ORG (aes256-cts-hmac-sha1-96)
$ klist -ke http.keytab
Keytab name: WRFILE:http.keytab
KVNO Principal
----
--------------------------------------------------------------------------
1 HTTP/ejbca.nisled.org at NISLED.ORG (des-cbc-crc)
1 HTTP/ejbca.nisled.org at NISLED.ORG (des-cbc-md5)
1 HTTP/ejbca.nisled.org at NISLED.ORG (arcfour-hmac)
How to enable these encryptions in my http.keytab?
Clodonil
2013/1/24 Hleb Valoshka <375gnu at gmail.com>
> Please! Don't write into private mail. Thanks.
>
> > $ Samba-tool user create http-user --random-password
> > $ Samba-tool spn add HTTP/www.nisled.org http-user
>
> Okay, you've got user http-user with principals http-user at NISLED.ORG
> and HTTP/www.nisled.org at NISLED.ORG.
>
> > $ Samba-tool domain exportkeytab --principal=HTTP/www.nisled.org
> > http.keytab
>
> Here you export _only_ HTTP/www.nisled.org at NISLED.ORG.
>
> > $ kinit -k -t http.keytab http-user
> > kinit: Key table entry not found while getting initial credentials
>
> Of cause, because you didn't export it.
>
> > Can anyone help me?
>
> Export http-user at NISLED.ORG too.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list