[Samba] Kerberos authentication issue after upgrading from 4-14-stable to 4-15-stable
Rowland Penny
rpenny at samba.org
Thu Jan 27 12:43:17 UTC 2022
On Thu, 2022-01-27 at 15:01 +0300, Alex via samba wrote:
> Hello Louis,
>
> Samba is already handling the system's keytab (/etc/krb5.keytab), but
> for some reason this error comes up when I try to acquire a TGT with
> k5start:
> [root at vm-corp samba]# /usr/bin/k5start -f /etc/krb5.keytab -L -l 1d
> -k /tmp/krb5cc_test -U -o nslcd -vvv
> Kerberos initialization for host/vm-corp.abisoft.biz at ABISOFT.BIZ
> k5start: authenticating as host/vm-corp.abisoft.biz at ABISOFT.BIZ
> k5start: getting tickets for krbtgt/ABISOFT.BIZ at ABISOFT.BIZ
> k5start: error getting credentials: Client
> 'host/vm-corp.abisoft.biz at ABISOFT.BIZ' not found in Kerberos database
>
> [root at vm-corp samba]# net ads keytab list /etc/krb5.keytab | grep
> 'host/vm-corp.abisoft.biz at ABISOFT.BIZ'
> 2 DES cbc mode with CRC-32
> host/vm-corp.abisoft.biz at ABISOFT.BIZ
> 2 DES cbc mode with RSA-MD5
> host/vm-corp.abisoft.biz at ABISOFT.BIZ
> 2 AES-128 CTS mode with 96-bit SHA-1 HMAC
> host/vm-corp.abisoft.biz at ABISOFT.BIZ
> 2 AES-256 CTS mode with 96-bit SHA-1 HMAC
> host/vm-corp.abisoft.biz at ABISOFT.BIZ
> 2 ArcFour with HMAC/md5
> host/vm-corp.abisoft.biz at ABISOFT.BIZ
>
> Any ideas why?
>
> The reason to use k5start is b/c some progs can't work with keytab
> file directly. For example, nslcd.
Where are you using nslcd ?
By where, I mean on a Samba DC, or a Unix domain member, or a computer
that isn't joined to the domain.
Why are you using nslcd ?
Rowland
More information about the samba
mailing list