[Samba] Problem with keytab: "Client not found in Kerberos database"

Brian Candler b.candler at pobox.com
Mon Dec 19 20:02:13 UTC 2016

And FWIW, here's the LDAP entry for the computer which was generated 
when it joined:

root at wrn-dc1:~# ldbsearch -H /usr/local/samba/private/sam.ldb 
# record 1
dn: CN=wrn-radtest,CN=Computers,DC=ad,DC=example,DC=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn: wrn-radtest
instanceType: 4
whenCreated: 20161219120818.0Z
uSNCreated: 5055
name: wrn-radtest
objectGUID: db8fd9f5-4be3-4886-a459-71858010f4fa
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
primaryGroupID: 515
objectSid: S-1-5-21-1073172920-2372885959-993370794-1109
accountExpires: 9223372036854775807
sAMAccountName: wrn-radtest$
sAMAccountType: 805306369
objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=ad,DC=example,DC=
isCriticalSystemObject: FALSE
userAccountControl: 69632
pwdLastSet: 131266228999887560
dNSHostName: wrn-radtest.ad.example.net
servicePrincipalName: HOST/WRN-RADTEST
servicePrincipalName: HOST/wrn-radtest.ad.example.net
logonCount: 1
lastLogon: 131266508988047120
lastLogonTimestamp: 131266508988047120
whenChanged: 20161219195459.0Z
uSNChanged: 7842
distinguishedName: CN=wrn-radtest,CN=Computers,DC=ad,DC=example,DC=net

I did a "net ads leave" and "net ads join", but it hasn't made a difference.



