[Samba] Samba4 PDC keytab creation for NFSv4 not working

Henrik Dige Semark hds at semark.dk
Tue Nov 4 04:09:45 MST 2014 

According to /samba-tool spn list JOTUNHEIM$/ I have the following SPN's

# samba-tool spn list JOTUNHEIM$
jotunheim$
User CN=JOTUNHEIM,OU=Domain Controllers,DC=yggdrasil,DC=bittoo,DC=net 
has the following servicePrincipalName:
          HOST/jotunheim.yggdrasil.bittoo.net
          HOST/jotunheim.yggdrasil.bittoo.net/YGGDRASIL
          ldap/jotunheim.yggdrasil.bittoo.net/YGGDRASIL
          GC/jotunheim.yggdrasil.bittoo.net/yggdrasil.bittoo.net
          ldap/jotunheim.yggdrasil.bittoo.net
          HOST/jotunheim.yggdrasil.bittoo.net/yggdrasil.bittoo.net
          ldap/jotunheim.yggdrasil.bittoo.net/yggdrasil.bittoo.net
          HOST/JOTUNHEIM
E3514235-4B06-11D1-AB04-00C04FC2DCD2/2350a512-9df8-4e43-b7b2-419cee958c1c/yggdrasil.bittoo.net
ldap/2350a512-9df8-4e43-b7b2-419cee958c1c._msdcs.yggdrasil.bittoo.net
          ldap/JOTUNHEIM
          RestrictedKrbHost/JOTUNHEIM
          RestrictedKrbHost/jotunheim.yggdrasil.bittoo.net
host/jotunheim.static.yggdrasil.bittoo.net at YGGDRASIL.BITTOO.NET
          host/jotunheim.yggdrasil.bittoo.net at YGGDRASIL.BITTOO.NET
nfs/jotunheim.static.yggdrasil.bittoo.net at YGGDRASIL.BITTOO.NET
          nfs/jotunheim.yggdrasil.bittoo.net at YGGDRASIL.BITTOO.NET
http/jotunheim.static.yggdrasil.bittoo.net at YGGDRASIL.BITTOO.NET
          http/jotunheim.yggdrasil.bittoo.net at YGGDRASIL.BITTOO.NET
          ldap/jotunheim.yggdrasil.bittoo.net at YGGDRASIL.BITTOO.NET
ldap/jotunheim.static.yggdrasil.bittoo.net at YGGDRASIL.BITTOO.NET
imap/jotunheim.static.yggdrasil.bittoo.net at YGGDRASIL.BITTOO.NET
          imap/jotunheim.yggdrasil.bittoo.net at YGGDRASIL.BITTOO.NET
radius/jotunheim.yggdrasil.bittoo.net at YGGDRASIL.BITTOO.NET
radius/jotunheim.static.yggdrasil.bittoo.net at YGGDRASIL.BITTOO.NET
          proxy/jotunheim.yggdrasil.bittoo.net at YGGDRASIL.BITTOO.NET
proxy/jotunheim.static.yggdrasil.bittoo.net at YGGDRASIL.BITTOO.NET

Med Venlig Hilsen / Best Regards
Henrik Dige Semark
Mobil: +45 26331701

On 2014-11-04 12:03, Rowland Penny wrote:
> On 04/11/14 10:01, Henrik Dige Semark wrote:
>> Hey Steve,
>>
>> If I run your command I get the same python error as before.
>>
>> # samba-tool domain exportkeytab /etc/krb5.keytab 
>> --principal=nfs/jotunheim.static.yggdrasil.bittoo.net at YGGDRASIL.BITTOO.NET
>> ERROR(runtime): uncaught exception - Key table entry not found
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", 
>> line 175, in _run
>>     return self.run(*args, **kwargs)
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", 
>> line 103, in run
>>     net.export_keytab(keytab=keytab, principal=principal)
>>
>> Med Venlig Hilsen / Best Regards
>> Henrik Dige Semark
>> Mobil: +45 26331701
>>
>> On 2014-11-03 18:12, steve wrote:
>>> samba-tool domain exportkeytab /etc/krb5.keytab 
>>> --principal=nfs/jotunheim.static.yggdrasil.bittoo.net at YGGDRASIL.BITTOO.NET
>>
> Hi, do you actually have an SPN 
> 'nfs/jotunheim.static.yggdrasil.bittoo.net at YGGDRASIL.BITTOO.NET' in AD ?
>
> Rowland
>

More information about the samba mailing list