[Samba] smb_krb5_open_keytab failed (Key table name malformed)
shacky
shacky83 at gmail.com
Tue May 15 15:25:13 UTC 2018
Hi Rowland,
2018-05-11 18:13 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:
'socket options' appears twice, not bad for something you should leave
> to the kernel ;-)
>
You are right, thank you! :-)
> You should remove this and allow Samba to find the DC.
>
Ok:
password server = *
> It should be just '/etc/krb5.keytab', remove 'FILE:'
>
Ok:
dedicated keytab file = /etc/krb5.keytab
I would suggest changing this to 'secrets and keytab'
>
Changed:
kerberos method = secrets and keytab
> If these changes do not help, try asking on the sssd-users mailing
> list, neither sssd or realmd have anything to do with Samba.
>
Unfortunately, it does not work. Now i have these errors in syslog:
May 15 17:23:41 fileserv smbd[13001]: [2018/05/15 17:23:41.610956, 2]
../source3/librpc/crypto/gse_krb5.c:229(fill_mem_keytab_from_secrets)
May 15 17:23:41 fileserv smbd[13001]:
../source3/librpc/crypto/gse_krb5.c:229: failed to fetch machine password
May 15 17:23:41 fileserv smbd[13001]: [2018/05/15 17:23:41.617631, 2]
../source3/librpc/crypto/gse_krb5.c:229(fill_mem_keytab_from_secrets)
May 15 17:23:41 fileserv smbd[13001]:
../source3/librpc/crypto/gse_krb5.c:229: failed to fetch machine password
May 15 17:23:41 fileserv smbd[13001]: [2018/05/15 17:23:41.652613, 0]
../source3/auth/pampass.c:589(smb_pam_account)
May 15 17:23:41 fileserv smbd[13001]: smb_pam_account: PAM: UNKNOWN PAM
ERROR (4) during Account Management for User: john.doe
May 15 17:23:41 fileserv smbd[13001]: [2018/05/15 17:23:41.652658, 2]
../source3/auth/pampass.c:89(smb_pam_error_handler)
May 15 17:23:41 fileserv smbd[13001]: smb_pam_error_handler: PAM: Account
Check Failed : System error
May 15 17:23:41 fileserv smbd[13001]: [2018/05/15 17:23:41.652690, 0]
../source3/auth/pampass.c:797(smb_pam_accountcheck)
May 15 17:23:41 fileserv smbd[13001]: smb_pam_accountcheck: PAM: Account
Validation Failed - Rejecting User john.doe!
May 15 17:23:41 fileserv smbd[13001]: [2018/05/15 17:23:41.653190, 1]
../source3/auth/user_krb5.c:142(get_user_from_kerberos_info)
May 15 17:23:41 fileserv smbd[13001]: PAM account restrictions prevent
user [john.doe] login
May 15 17:23:41 fileserv smbd[13002]: [2018/05/15 17:23:41.668010, 2]
../source3/librpc/crypto/gse_krb5.c:229(fill_mem_keytab_from_secrets)
May 15 17:23:41 fileserv smbd[13002]:
../source3/librpc/crypto/gse_krb5.c:229: failed to fetch machine password
May 15 17:23:41 fileserv smbd[13002]: [2018/05/15 17:23:41.674384, 2]
../source3/librpc/crypto/gse_krb5.c:229(fill_mem_keytab_from_secrets)
May 15 17:23:41 fileserv smbd[13002]:
../source3/librpc/crypto/gse_krb5.c:229: failed to fetch machine password
May 15 17:23:41 fileserv smbd[13002]: [2018/05/15 17:23:41.696605, 0]
../source3/auth/pampass.c:589(smb_pam_account)
May 15 17:23:41 fileserv smbd[13002]: smb_pam_account: PAM: UNKNOWN PAM
ERROR (4) during Account Management for User: john.doe
May 15 17:23:41 fileserv smbd[13002]: [2018/05/15 17:23:41.697795, 2]
../source3/auth/pampass.c:89(smb_pam_error_handler)
May 15 17:23:41 fileserv smbd[13002]: smb_pam_error_handler: PAM: Account
Check Failed : System error
May 15 17:23:41 fileserv smbd[13002]: [2018/05/15 17:23:41.698882, 0]
../source3/auth/pampass.c:797(smb_pam_accountcheck)
May 15 17:23:41 fileserv smbd[13002]: smb_pam_accountcheck: PAM: Account
Validation Failed - Rejecting User john.doe!
May 15 17:23:41 fileserv smbd[13002]: [2018/05/15 17:23:41.700591, 1]
../source3/auth/user_krb5.c:142(get_user_from_kerberos_info)
May 15 17:23:41 fileserv smbd[13002]: PAM account restrictions prevent
user [john.doe] login
I will try to ask to sssd-users mailing list.
Thank you very much for your help!
More information about the samba
mailing list