[Samba] delete kerberos databases and start over
jimc
jesmeyano at gmail.com
Tue Sep 24 11:10:12 MDT 2013
Hi.
Something happened with my Kerberos database*. I don't know what. I
don't care much (right now).
What I need to do now is to recover.
I am running a small home network: 3 win7 boxes, 2 xps, 2 Mint Linux
and one Puppy.
I tried deleting /usr/local/samba/private/* and
/usr/local/samba/etc/smb.conf as the how-to suggests, then doing a
samba-tool domain provision.
All my Windoze boxes' event logs say they can't establish a secure
connection to authenticate.
SSH works; I can get in via putty or via ssh on a Linux box.
I have added the users using samba-tool user add jjkwkla.
Kinit works. When I kinit jjkwkla, it asks for a password, then
complains that it will expire.
When I try kadmin, it says
'Authenticating as principal jjkwkla/admin@domain.suffix with password
kadmin: Client not found in Kerberos database while initializing kadmin
interface'
smbclient works.
samba-tool testparm complains about long share names, but nothing else.
krb5.conf is:
[libdefaults]
    default_realm = DOMAIN.SUFFIX
    dns_lookup_realm = false
    dns_lookup_kdc = true
[realms]
    DOMAIN.SUFFIX = {
        kdc = thisbox.domain.suffix:88
        admin_server = thisbox.domain.suffix:749
        default_domain = domain.suffix
    }
kdc.conf is:
[kdcdefaults]
    kdc_ports 750,88
[realms]
    domain.suffix = {
        database_name = /usr/local/samba/private/principal
        admin_keytab = FILE:/usr/local/samba/private/.keytab
        acl_file = /etc/krb5kdc/kadm5.acl
        keys_stash_file = /etc/krb5kdc/stash
        kdc_ports = 750,88
        max_life = 9107d 5h 0m 0s
        max_renewable_life = 9300d 0h 0m 0s
        master_key_type = des3-hmac-sha1
        supported_enctypes = aes256-cts:normal arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
    }
I would appreciate any help you could give. As I said, I'm not
interested in knowing why. This box is my print server and I need it!
-thanks!
-jimc
*At least I think it's my Kerberos database...