[Samba] samba-tool domain exportkeytab fails silently
Rowland Penny
rpenny at samba.org
Sun Jul 4 21:26:42 UTC 2021
On Sun, 2021-07-04 at 22:53 +0200, Kees van Vloten via samba wrote:
> Hi Samba-team,
>
> I am using samba 4.14 from Louis' repo and Debian Buster.
>
> I have created some service accounts for apache with a SPN on each.
> When I do:
>
> samba-tool domain exportkeytab
> --principal=HTTP/host1.example.com at EXAMPLE.COM
> /path/host1_apache.keytab
>
> It creates the keytab with the principal.
> When I do:
>
> samba-tool domain exportkeytab
> --principal=HTTP/host2.example.com at EXAMPLE.COM
> /path/host2_apache.keytab
>
> It does not create any file and returns with rc=0
>
> Both principals are created on a dedicated service (user) account
> (i.e.
> not on the computer account) with:
>
> samba-tool spn add HTTP/host1.example.com at EXAMPLE.COM
> svc_host1_apache
> samba-tool spn add HTTP/host2.example.com at EXAMPLE.COM
> svc_host2_apache
>
Please check how you created the users and how you added the SPN's.
It works for myself, so you could have mistyped something.
If you still cannot find anything wrong with how you created
everything, then check the users SPN's etc. It will also help if you
can post exactly how you created the users and then added the SPN's
Rowland
More information about the samba
mailing list