[Samba] deleted krbtgt user
Andrew Bartlett
abartlet at samba.org
Thu Jul 10 02:44:43 MDT 2014
On Thu, 2014-07-10 at 09:38 +0200, L.P.H. van Belle wrote:
> wel i suggest, restore your backup.. ;-)
>
> or add kadmin/changepw to the new krbtgt user.
>
> samba-tool spn list krbtgt
>
> User CN=krbtgt,CN=Users,...
>
> servicePrincipalName:
> kadmin/changepw
>
> I don't know the samba-tool line, so thats for you to find.
> you can do this also from windows AD tool but you need to set View-Advanced first,
> after that you will see the krbtgt users in the Users OU.
It needs more than that, it has a special SID (specifically the right
RID). This isn't going to be easy to fix, but to start prepare a new
provision with the same parameters, and then make the object match
exactly. This may require use of --relax or other controls to get past
our internal checks.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list