[Samba] Exporting keytab for SPN failure
Michael A Weber
mweber.subscriptions01 at gmail.com
Wed Sep 14 03:53:44 UTC 2016
Experts—
I’m attempting to export a keytab for a created SPN on the AD DC machine but I’m receiving an error:
ERROR(runtime): uncaught exception - Key table entry not found
File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 129, in run
net.export_keytab(keytab=keytab, principal=principal)
Steps taken to recreate:
1. Create a user for the SPN
samba-tool user create web-intranet-macmini
<provided password when prompted>
2. Add the SPN:
samba-tool spn add HTTP/hostname.domain2.domain1.tld at DOMAIN2.DOMAIN1.TLD web-intranet-macmini
<succeeded without error>
3. Export the keytab file to be used on the intranet host:
samba-tool domain exportkeytab ~/intranet-macmini.keytab —principal=HTTP/hostname.domain2.domain1.tld at DOMAIN2.DOMAIN1.TLD
<Get the error listed above>
Now, I tried adding another SPN without the realm, and exporting without the realm, and I did not receive an error.
I then deleted both SPNs via samba-tool spn delete, recreated the SPN using the realm just to make sure I’m not completely crazy and didn’t fat finger anything (and to make sure my contact lenses are making me see what I think I’m seeing) and I still get the error.
When I do samba-tool spn list web-intranet-macmini, I see the SPN(s) associated with that user, and they are correct.
Is there something glaringly obvious I’m missing?
Mike
More information about the samba
mailing list