[Samba] samba creating keytabs... ( possible bug, can someone confirm this )
Rowland Penny
rpenny at samba.org
Sat Feb 4 13:23:57 UTC 2017
On Sat, 4 Feb 2017 12:30:29 +0000
Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Wed, 1 Feb 2017 14:43:52 +0100
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>
> > Hai,
> >
> >
> >
> > I noticed something strange in the keytab file on my member server.
> >
>
> I can confirm this, but it gets stranger ;-)
>
OK, I think I have found a workaround ;-)
Remove the 'http' SPNs from the computer's AD object
Then (on the client) run this:
net ads keytab add HTTP -k
klist -ket
.................
2 04/02/17 12:44:48 HTTP/devclient.samdom.example.com@SAMDOM.EXAMPLE.COM (des-cbc-crc)
2 04/02/17 12:44:48 HTTP/DEVCLIENT@SAMDOM.EXAMPLE.COM (des-cbc-crc)
2 04/02/17 12:44:48 HTTP/devclient.samdom.example.com@SAMDOM.EXAMPLE.COM (des-cbc-md5)
2 04/02/17 12:44:48 HTTP/DEVCLIENT@SAMDOM.EXAMPLE.COM (des-cbc-md5)
2 04/02/17 12:44:48 HTTP/devclient.samdom.example.com@SAMDOM.EXAMPLE.COM (aes128-cts-hmac-sha1-96)
2 04/02/17 12:44:48 HTTP/DEVCLIENT@SAMDOM.EXAMPLE.COM (aes128-cts-hmac-sha1-96)
2 04/02/17 12:44:48 HTTP/devclient.samdom.example.com@SAMDOM.EXAMPLE.COM (aes256-cts-hmac-sha1-96)
2 04/02/17 12:44:48 HTTP/DEVCLIENT@SAMDOM.EXAMPLE.COM (aes256-cts-hmac-sha1-96)
2 04/02/17 12:44:48 HTTP/devclient.samdom.example.com@SAMDOM.EXAMPLE.COM (arcfour-hmac)
2 04/02/17 12:44:48 HTTP/DEVCLIENT@SAMDOM.EXAMPLE.COM (arcfour-hmac)
and in the computer's AD object:
servicePrincipalName: HOST/DEVCLIENT
servicePrincipalName: HOST/devclient.samdom.example.com
servicePrincipalName: nfs/devclient
servicePrincipalName: nfs/devclient.samdom.example.com
servicePrincipalName: HTTP/devclient
servicePrincipalName: HTTP/devclient.samdom.example.com
Rowland
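
Added example, not part of the message above and not Samba code: a small check that the HTTP principals listed by `klist -ket` line up with the servicePrincipalName values on the computer object after the workaround, and that no principal carries keys under more than one KVNO. The function names and the sample input are assumptions made for illustration; names are compared case-insensitively because the output above pairs HTTP/DEVCLIENT in the keytab with HTTP/devclient in AD.

```python
import re
from collections import defaultdict

# Constructed sample input modelled on the post's output, with principals in
# klist's name@REALM form and only two of the enctypes kept for brevity.
KLIST_KET = """\
   2 04/02/17 12:44:48 HTTP/devclient.samdom.example.com@SAMDOM.EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   2 04/02/17 12:44:48 HTTP/DEVCLIENT@SAMDOM.EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   2 04/02/17 12:44:48 HTTP/devclient.samdom.example.com@SAMDOM.EXAMPLE.COM (arcfour-hmac)
   2 04/02/17 12:44:48 HTTP/DEVCLIENT@SAMDOM.EXAMPLE.COM (arcfour-hmac)
"""
AD_SPNS = """\
servicePrincipalName: HOST/DEVCLIENT
servicePrincipalName: HOST/devclient.samdom.example.com
servicePrincipalName: nfs/devclient
servicePrincipalName: nfs/devclient.samdom.example.com
servicePrincipalName: HTTP/devclient
servicePrincipalName: HTTP/devclient.samdom.example.com
"""

# Fields per line: KVNO, date, time, name@REALM, (enctype)
ENTRY = re.compile(r"^\s*(\d+)\s+\S+\s+\S+\s+(\S+)@\S+\s+\(([^)]+)\)")

def keytab_entries(klist_text):
    """Return {lower-cased principal name: {kvno: {enctypes}}}."""
    entries = defaultdict(lambda: defaultdict(set))
    for line in klist_text.splitlines():
        m = ENTRY.match(line)
        if m:
            kvno, name, enctype = m.groups()
            entries[name.lower()][int(kvno)].add(enctype)
    return entries

def ad_spns(ldif_text):
    """Return the lower-cased servicePrincipalName values from LDIF-style text."""
    return {line.split(":", 1)[1].strip().lower()
            for line in ldif_text.splitlines()
            if line.lower().startswith("serviceprincipalname:")}

def compare(klist_text, ldif_text, service="http"):
    """Compare one service class; names are matched case-insensitively."""
    keys = keytab_entries(klist_text)
    in_keytab = {n for n in keys if n.split("/", 1)[0] == service}
    in_ad = {n for n in ad_spns(ldif_text) if n.split("/", 1)[0] == service}
    return {
        "keytab_without_spn": sorted(in_keytab - in_ad),
        "spn_without_key": sorted(in_ad - in_keytab),
        "mixed_kvno": sorted(n for n in in_keytab if len(keys[n]) > 1),
    }

if __name__ == "__main__":
    print(compare(KLIST_KET, AD_SPNS))
```

All three lists come back empty for the state shown in the message; a non-empty list names the principals to look at.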