[Samba] smb_krb5_open_keytab failed (Key table name malformed)

shacky shacky83 at gmail.com
Tue May 15 15:25:13 UTC 2018 

Hi Rowland,

2018-05-11 18:13 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:

'socket options' appears twice, not bad for something you should leave
> to the kernel ;-)
>

You are right, thank you! :-)


> You should remove this and allow Samba to find the DC.
>

Ok:
password server = *


> It should be just '/etc/krb5.keytab', remove 'FILE:'
>

Ok:
dedicated keytab file = /etc/krb5.keytab

I would suggest changing this to 'secrets and keytab'
>

Changed:
kerberos method = secrets and keytab


> If these changes do not help, try asking on the sssd-users mailing
> list, neither sssd or realmd have anything to do with Samba.
>

Unfortunately, it does not work. Now i have these errors in syslog:

May 15 17:23:41 fileserv smbd[13001]: [2018/05/15 17:23:41.610956,  2]
../source3/librpc/crypto/gse_krb5.c:229(fill_mem_keytab_from_secrets)
May 15 17:23:41 fileserv smbd[13001]:
 ../source3/librpc/crypto/gse_krb5.c:229: failed to fetch machine password
May 15 17:23:41 fileserv smbd[13001]: [2018/05/15 17:23:41.617631,  2]
../source3/librpc/crypto/gse_krb5.c:229(fill_mem_keytab_from_secrets)
May 15 17:23:41 fileserv smbd[13001]:
 ../source3/librpc/crypto/gse_krb5.c:229: failed to fetch machine password
May 15 17:23:41 fileserv smbd[13001]: [2018/05/15 17:23:41.652613,  0]
../source3/auth/pampass.c:589(smb_pam_account)
May 15 17:23:41 fileserv smbd[13001]:   smb_pam_account: PAM: UNKNOWN PAM
ERROR (4) during Account Management for User: john.doe
May 15 17:23:41 fileserv smbd[13001]: [2018/05/15 17:23:41.652658,  2]
../source3/auth/pampass.c:89(smb_pam_error_handler)
May 15 17:23:41 fileserv smbd[13001]:   smb_pam_error_handler: PAM: Account
Check Failed : System error
May 15 17:23:41 fileserv smbd[13001]: [2018/05/15 17:23:41.652690,  0]
../source3/auth/pampass.c:797(smb_pam_accountcheck)
May 15 17:23:41 fileserv smbd[13001]:   smb_pam_accountcheck: PAM: Account
Validation Failed - Rejecting User john.doe!
May 15 17:23:41 fileserv smbd[13001]: [2018/05/15 17:23:41.653190,  1]
../source3/auth/user_krb5.c:142(get_user_from_kerberos_info)
May 15 17:23:41 fileserv smbd[13001]:   PAM account restrictions prevent
user [john.doe] login
May 15 17:23:41 fileserv smbd[13002]: [2018/05/15 17:23:41.668010,  2]
../source3/librpc/crypto/gse_krb5.c:229(fill_mem_keytab_from_secrets)
May 15 17:23:41 fileserv smbd[13002]:
 ../source3/librpc/crypto/gse_krb5.c:229: failed to fetch machine password
May 15 17:23:41 fileserv smbd[13002]: [2018/05/15 17:23:41.674384,  2]
../source3/librpc/crypto/gse_krb5.c:229(fill_mem_keytab_from_secrets)
May 15 17:23:41 fileserv smbd[13002]:
 ../source3/librpc/crypto/gse_krb5.c:229: failed to fetch machine password
May 15 17:23:41 fileserv smbd[13002]: [2018/05/15 17:23:41.696605,  0]
../source3/auth/pampass.c:589(smb_pam_account)
May 15 17:23:41 fileserv smbd[13002]:   smb_pam_account: PAM: UNKNOWN PAM
ERROR (4) during Account Management for User: john.doe
May 15 17:23:41 fileserv smbd[13002]: [2018/05/15 17:23:41.697795,  2]
../source3/auth/pampass.c:89(smb_pam_error_handler)
May 15 17:23:41 fileserv smbd[13002]:   smb_pam_error_handler: PAM: Account
Check Failed : System error
May 15 17:23:41 fileserv smbd[13002]: [2018/05/15 17:23:41.698882,  0]
../source3/auth/pampass.c:797(smb_pam_accountcheck)
May 15 17:23:41 fileserv smbd[13002]:   smb_pam_accountcheck: PAM: Account
Validation Failed - Rejecting User john.doe!
May 15 17:23:41 fileserv smbd[13002]: [2018/05/15 17:23:41.700591,  1]
../source3/auth/user_krb5.c:142(get_user_from_kerberos_info)
May 15 17:23:41 fileserv smbd[13002]:   PAM account restrictions prevent
user [john.doe] login

I will try to ask to sssd-users mailing list.

Thank you very much for your help!

More information about the samba mailing list