[Samba] added spn and exported keytab not match
Mike Lykov
combr at samges.ru
Fri Dec 1 09:46:53 UTC 2017
30.11.2017 20:40, Mike Lykov via samba пишет:
>>> User CN=proxy,CN=Users,DC=dc,DC=S****,DC=ru has the following
>>> servicePrincipalName:
>>> HTTP/proxy.S****.ru at DC.S****.RU
>>> host/proxy.S****.ru at DC.S****.RU
A.Bartlett wrote about it:
------------
25.01.13 (this list)
https://lists.samba.org/archive/samba/2013-January/171160.html
Exactly. While the Samba KDC is smart, and knows these are the same
user, the keytab and krb5 client tools are dumb (very), they work on
exact string matches, so you have export out exactly the name you want
to kinit as, or kinit as HTTP/....
-----------
But I can't export keytab "exactly", because my samba-tool show this error:
---------------
ERROR(runtime): uncaught exception - Key table entry not found
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
--------------
spn list shows principals, but domain export can't find that principals.
I don't know why.
--
Administrator
More information about the samba
mailing list