Web lists-archives.com

Re: [Samba] added spn and exported keytab not match




30.11.2017 20:40, Mike Lykov via samba пишет:

User CN=proxy,CN=Users,DC=dc,DC=S****,DC=ru has the following
servicePrincipalName:
           HTTP/proxy.S****.ru@DC.S****.RU
           host/proxy.S****.ru@DC.S****.RU

A.Bartlett wrote about it:

------------
25.01.13 (this list)
https://lists.samba.org/archive/samba/2013-January/171160.html

Exactly.  While the Samba KDC is smart, and knows these are the same
user, the keytab and krb5 client tools are dumb (very), they work on
exact string matches, so you have export out exactly the name you want
to kinit as, or kinit as HTTP/....
-----------

But I can't export keytab "exactly", because my samba-tool show this error:

---------------
ERROR(runtime): uncaught exception - Key table entry not found
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
--------------

spn list shows principals, but domain export can't find that principals. I don't know why.


--
Administrator

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba