[Samba] New Windows 8 RSAT and "OU=Domain Controllers" support?

Andrew Bartlett abartlet at samba.org
Fri May 3 15:22:35 MDT 2013

On Fri, 2013-05-03 at 19:21 +0300, Pekka L.J. Jalkanen wrote:
> On 26.4.2013 13:05, Pekka L.J. Jalkanen wrote:
> > 
> > So it seems that for some reason, exporting the keytab from Samba DC
> > doesn't work. I tried to kinit first using the domain admin account, but
> > to no avail--exportkeytab still throws the same error.
> > 
> > Now, for the purposes of bug 9828 I could probably export it from our
> > Windows DC using ktpass.exe, but I'd naturally like to know what's wrong
> > here.
> > 
> > What should I do? Am I missing something here?
> I forgot this for some time... as the samba-tool exportkeytab didn't
> work, the easiest way to get a proper keytab for decrypting the capture
> was apparently just copy secrets.keytab from the Samba DC and feed that
> file to Wireshark. At least I've now managed to decrypt the stuff myself.

It would be useful to know why samba-tool exportkeytab didn't work, it
is tested in our make test.  Perhaps run it with -d10 and see if it
gives more clues?

> However, as this is not a test domain, I can't just post such a
> sensitive piece of information to Bugzilla. I am, however, ready to send
> it in a GPG-encrypted message to Andrew (currently assigned to the bug)
> or another trusted Samba dev working on the bug. Would that be OK?

Can you reproduce this on a test domain?  That would be better.  While I
do take GPG encrypted stuff, I prefer not to unless I'm actually fixing
database errors in databases or other things that would never be
reproduced again.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba mailing list