[Samba] New Windows 8 RSAT and "OU=Domain Controllers" support?
Andrew Bartlett
abartlet at samba.org
Fri May 3 15:22:35 MDT 2013
On Fri, 2013-05-03 at 19:21 +0300, Pekka L.J. Jalkanen wrote:
> On 26.4.2013 13:05, Pekka L.J. Jalkanen wrote:
> >
> > So it seems that for some reason, exporting the keytab from Samba DC
> > doesn't work. I tried to kinit first using the domain admin account, but
> > to no avail--exportkeytab still throws the same error.
> >
> > Now, for the purposes of bug 9828 I could probably export it from our
> > Windows DC using ktpass.exe, but I'd naturally like to know what's wrong
> > here.
> >
> > What should I do? Am I missing something here?
>
> I forgot this for some time... as the samba-tool exportkeytab didn't
> work, the easiest way to get a proper keytab for decrypting the capture
> was apparently just copy secrets.keytab from the Samba DC and feed that
> file to Wireshark. At least I've now managed to decrypt the stuff myself.
It would be useful to know why samba-tool exportkeytab didn't work, it
is tested in our make test. Perhaps run it with -d10 and see if it
gives more clues?
> However, as this is not a test domain, I can't just post such a
> sensitive piece of information to Bugzilla. I am, however, ready to send
> it in a GPG-encrypted message to Andrew (currently assigned to the bug)
> or another trusted Samba dev working on the bug. Would that be OK?
Can you reproduce this on a test domain? That would be better. While I
do take GPG encrypted stuff, I prefer not to unless I'm actually fixing
database errors in databases or other things that would never be
reproduced again.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba
mailing list