[Samba] generate keytab

[Clodonil Trigo]

Hi,

Looking dns.key he has more encryption options:

$ klist -ke dns.keytab

Keytab name: WRFILE:dns.keytab
KVNO Principal
----
--------------------------------------------------------------------------
   1 DNS/smb4.nisled.org at NISLED.ORG (des-cbc-crc)
   1 dns-smb4 at NISLED.ORG (des-cbc-crc)
   1 DNS/smb4.nisled.org at NISLED.ORG (des-cbc-md5)
   1 dns-smb4 at NISLED.ORG (des-cbc-md5)
   1 DNS/smb4.nisled.org at NISLED.ORG (arcfour-hmac)
   1 dns-smb4 at NISLED.ORG (arcfour-hmac)
   1 DNS/smb4.nisled.org at NISLED.ORG (aes128-cts-hmac-sha1-96)
   1 dns-smb4 at NISLED.ORG (aes128-cts-hmac-sha1-96)
   1 DNS/smb4.nisled.org at NISLED.ORG (aes256-cts-hmac-sha1-96)
   1 dns-smb4 at NISLED.ORG (aes256-cts-hmac-sha1-96)

$ klist -ke http.keytab
Keytab name: WRFILE:http.keytab
KVNO Principal
----
--------------------------------------------------------------------------
   1 HTTP/ejbca.nisled.org at NISLED.ORG (des-cbc-crc)
   1 HTTP/ejbca.nisled.org at NISLED.ORG (des-cbc-md5)
   1 HTTP/ejbca.nisled.org at NISLED.ORG (arcfour-hmac)

How to enable these encryptions in my http.keytab?

Clodonil


2013/1/24 Hleb Valoshka <375gnu at gmail.com>

> Please! Don't write into private mail. Thanks.
>
> > $ Samba-tool user create http-user --random-password
> > $ Samba-tool spn add HTTP/www.nisled.org  http-user
>
> Okay, you've got user http-user with principals http-user at NISLED.ORG
> and HTTP/www.nisled.org at NISLED.ORG.
>
> > $ Samba-tool domain exportkeytab --principal=HTTP/www.nisled.org
> > http.keytab
>
> Here you export _only_ HTTP/www.nisled.org at NISLED.ORG.
>
> > $ kinit -k -t http.keytab http-user
> > kinit: Key table entry not found while getting initial credentials
>
> Of cause, because you didn't export it.
>
> > Can anyone help me?
>
> Export http-user at NISLED.ORG too.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>