[Samba] dns update failt (kerberos)

Burgess, Adam adam.burgess at hp.com
Thu Sep 5 10:07:00 MDT 2013 

They will likely be different entries with different kvno and encryption type combinations.  Not sure what syntax your klist uses but -e option may give you the encryption type output for example.


Adam

-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Thomas Zeitinger
Sent: 05 September 2013 16:42
To: samba at lists.samba.org
Subject: Re: [Samba] dns update failt (kerberos)

Hey!

I found another interessting fact:

samba_dnsupdate --verbose --all-names -d 10

shows me:

[...]
privateKeytab: secrets.keytab
[...]

So I tried

root at linsrv:~# klist -t -k /usr/local/samba/private/secrets.keytab
Keytab name: FILE:/usr/local/samba/private/secrets.keytab
KVNO Timestamp           Principal
---- -------------------
------------------------------------------------------
   1 2013-08-16 12:49:52 HOST/linsrv at DOMAIN.LOCAL  
   1 2013-08-16 12:49:52 HOST/linsrv.domain.local at DOMAIN.LOCAL
   1 2013-08-16 12:49:52 LINSRV$@DOMAIN.LOCAL
   1 2013-08-16 12:49:52 HOST/linsrv at DOMAIN.LOCAL  
   1 2013-08-16 12:49:52 HOST/linsrv.domain.local at DOMAIN.LOCAL
   1 2013-08-16 12:49:52 LINSRV$@DOMAIN.LOCAL
   1 2013-08-16 12:49:52 HOST/linsrv at DOMAIN.LOCAL  
   1 2013-08-16 12:49:52 HOST/linsrv.domain.local at DOMAIN.LOCAL
   1 2013-08-16 12:49:52 LINSRV$@DOMAIN.LOCAL
   1 2013-08-16 12:49:52 HOST/linsrv at DOMAIN.LOCAL  
   1 2013-08-16 12:49:52 HOST/linsrv.domain.local at DOMAIN.LOCAL
   1 2013-08-16 12:49:52 LINSRV$@DOMAIN.LOCAL
   1 2013-08-16 12:49:52 HOST/linsrv at DOMAIN.LOCAL  
   1 2013-08-16 12:49:52 HOST/linsrv.domain.local at DOMAIN.LOCAL
   1 2013-08-16 12:49:52 LINSRV$@DOMAIN.LOCAL


Is it a problem that the host is 5 times in the secret.keytab?

How can I verify that?



On 2013-09-05 12:41, Thomas Zeitinger wrote:
> [...]
> root at linsrv:~# samba_dnsupdate --verbose --all-names
> IPs: ['172.16.0.202']
> Traceback (most recent call last):
>   File "/usr/local/samba/sbin/samba_dnsupdate", line 506, in <module>
>     get_credentials(lp)
>   File "/usr/local/samba/sbin/samba_dnsupdate", line 119, in get_credentials
>     creds.get_named_ccache(lp, ccachename)
> RuntimeError: kinit for LINSRV$@DOMAIN.LOCAL failed (Cannot contact 
> any KDC for requested realm)
>
> and again the different error message with kinit:
>
> [..]
>
> But the account is in the Kerberus DB:
>
> root at linsrv:~# klist -k /etc/krb5.keytab Keytab name: 
> FILE:/etc/krb5.keytab KVNO Principal
> ----
> --------------------------------------------------------------------------
>    1 LINSRV$@DOMAIN.LOCAL
>    1 LINSRV$@DOMAIN.LOCAL
>    1 LINSRV$@DOMAIN.LOCAL
> [...]

--
Thomas Zeitinger
Kundenbetreuung

IT-Quadrat   EDV Dienstleistungs- und Handels GmbH
Krongasse 8/2 A-1050 Wien
Tel: +43 (1) 311 44 00 - 10
Fax: +43 (1) 311 44 00 - 90
Thomas.Zeitinger at it2.at
www.it2.at

FN 287345t
UID ATU63123113


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list