[Samba] Samba4 kinit issue with principal and keytab file
Olivier BILHAUT
obilhaut at fondation-misericorde.fr
Thu Feb 12 03:33:18 MST 2015
Hi all!
Using Samba version 4.1.12, updated from source from 4.0beta1.
I've created a user, let's say kerbuser, for a web server to authenticate with Kerberos and provide SSO to the end users.
In my example, my domain is MYDOMAIN.LOCAL, the Apache server is webserver.mydomain.local and the AD user is kerbuser.
I've added a principal on the user and exported everything in a keytab, so the result of a ktutil list is the following:
1 2 HTTP/webserver.mydomain.local@MYDOMAIN.LOCAL
2 2 HTTP/webserver.mydomain.local@MYDOMAIN.LOCAL
3 2 HTTP/webserver.mydomain.local@MYDOMAIN.LOCAL
4 1 HTTP/webserver.mydomain.local@MYDOMAIN.LOCAL
5 1 HTTP/webserver.mydomain.local@MYDOMAIN.LOCAL
6 1 HTTP/webserver.mydomain.local@MYDOMAIN.LOCAL
7 1 kerbuser@MYDOMAIN.LOCAL
8 1 kerbuser@MYDOMAIN.LOCAL
9 1 kerbuser@MYDOMAIN.LOCAL
The machine name is webserver and it successfully resolves the machine name webserver.mydomain.local via DNS.
I can successfully kinit with the user:
kinit -V -k -t /root/my.keytab kerbuser@MYDOMAIN.LOCAL
Using default cache: /tmp/krb5cc_0
Using principal: kerbuser@MYDOMAIN.LOCAL
Using keytab: /root/my.keytab
Authenticated to Kerberos v5
But using the principal fails:
kinit -V -k -t /root/my.keytab HTTP/webserver.MYDOMAIN.LOCAL
Using default cache: /tmp/krb5cc_0
Using principal: HTTP/webserver.MYDOMAIN.LOCAL
Using keytab: /root/my.keytab
kinit: Client not found in Kerberos database while getting initial credentials
Is there a problem with the REALM somewhere, or did I make a mistake using the principal...?
I can't figure it out...
Thanks in advance.
--
Olivier