Re: [Samba] Key table name malformed
- Date: Wed, 5 Apr 2017 09:54:38 +0200
- From: "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Key table name malformed
Hm strange, i dont see it.
Can you upgrade to 4.6.2? see if that helps.
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens mj via samba
> Verzonden: woensdag 5 april 2017 9:40
> Aan: samba@xxxxxxxxxxxxxxx
> Onderwerp: Re: [Samba] Key table name malformed
> Hoi Louis,
> The thing is that the keytab is not generated! That is the issue at
> hand. The join appears to have succeeded:
> > root@processing:~# net ads testjoin
> > Join is OK
> > root@processing:~#
> However no keytab is generated during join, despite having in the domain
> member smb.conf:
> > dedicated keytab file = /etc/krb5.keytab
> > kerberos method = secrets and keytab
> And the reason why it's not generated:
> > smb_krb5_kt_open failed (Key table name malformed)
> > ads_keytab_add_entry failed while adding 'HOST/PROCESSING' principal.
> > libnet_Join:
> > libnet_JoinCtx: struct libnet_JoinCtx
> > out: struct libnet_JoinCtx
> > account_name : NULL
> > netbios_domain_name : 'WRKGRP'
> > dns_domain_name : 'SAMBA.COMPANY.COM'
> > forest_name : 'SAMBA.COMPANY.COM'
> > dn :
> > domain_sid : *
> > domain_sid : S-1-5-21-92843450-981953634-
> > modified_config : 0x00 (0)
> > error_string : 'failed to create kerberos
> > domain_is_ad : 0x01 (1)
> > set_encryption_types : 0x00000000 (0)
> > result : WERR_GEN_FAILURE
> > Failed to join domain: failed to create kerberos keytab
> > return code = -1
> More inline:
> On 04/05/2017 09:25 AM, L.P.H. van Belle via samba wrote:
> > This looks all good.
> > Only one thing in the config, you can remove :
> > winbind nss info = rfc2307
> Yes, this remained from before I discovered the 4.6.x option
> "idmap config WRKGRP:unix_nss_info = yes"
> > Can you check the content of the keytab? klist -ke /etc/krb5.keytab
> > post ( if needed anonymized ) the content you see.
> There is no keytab! :-(
> > And did you by accident run : net ads join , multiple times on this
> Yes, but the first time exactly this occured already. I tried a few
> times again. I even tried a complete fresh installation.
> > Looks to me there is something with net ads keytab going on.
> Yes, exactly. It's not there, and it's not created.
> Anyway ideas why that could be?
> The error seems pretty low-level and frightening:
> smb_krb5_kt_open failed (Key table name malformed)
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
To unsubscribe from this list go to the following URL and read the