[Samba] delete kerberos databases and start over

jimc jesmeyano at gmail.com
Tue Sep 24 11:10:12 MDT 2013


Something happened with my Kerberos database*. I don't know what. I 
don't care much (right now).

What I need to do now is to recover.

I am running  a small home network: 3 win7 boxes, 2 xps, 2 Mint Linux 
and one Puppy.

I tried deleting /usr/local/samba/private/* and 
/usr/local/samba/etc/smb.conf as the how-to suggests, then doing a 
samba-tool domain provision.

All my Windoze boxes event logs say they can't establish a secure 
connection to authenticate.

SSH works; I can get in via putty or via ssh on a Linux box.

I have added the users using samba-tool user add jjkwkla.

Kinit works. When I kinit jjkwkla, it asks for a password, then 
complains that it will expire.

When I try kadmin, it says
'Authenticating as principal jjkwkla/admin at domain.suffix with password
kadmin: Client not found in Kerberos database while initializing kadmin 

smbclient works.

samba-tool testparm complains about long share names, but nothing else.

krb5.conf is:
     default_realm = DOMAIN.SUFFIX
     dns_lookup_realm = false
     dns_lookup_kdc = true

         kdc = thisbox.domain.suffix:88
         admin_server = thisbox.domain.suffix:749
         default_domain = domain.suffix

kdc.conf is:

     kdc_ports 750,88

     domain.suffix = {
         database_name = /usr/local/samba/private/principal
         admin_keytab = FILE:/usr/local/samba/private/.keytab
         acl_file = /etc/krb5kdc/kadm5.acl
         keys_stash_file = /etc/krb5kdc/stash
         kdc_ports = 750,88
         max_life = 9107d 5h 0m 0s
         max_renewable_life = 9300d 0h 0m 0s
         master_key_type = des3-hmac-sha1
         supported_enctypes = aes256-cts:normal arcfour-hmac:normal 
des3-hmac-sha 1:normal des-cbc-crc:normal des:normal des:v4 des:norealm 
des:onlyrealm des:afs3

I would appreciate any help you could give. As I said, I'm not 
interested in knowing why. This box is my print server and I need it!



*At least I think it's my Kerberos database...

More information about the samba mailing list