Robert Bannocks
2007-Mar-20 11:48 UTC
[Samba] Bizzare behaviour of Samba+ADS - help needed
I have samba+ads working fine *HOWEVER* when I run net ads keytab create it fails. Using -d 10 the debug output says it cannot write to the file. This is truly bizarre as I am running this as root! e.g. # /usr/local/opt/samba/samba-3.0.24/bin/net ads keytab create ; echo $? 183 And /usr/local/opt/samba/samba-3.0.24/bin/net -d 10 ads keytab create ; echo $? Gives [..snip..] ads_get_kvno: Error Determining KVNO! [2007/03/20 11:45:43, 3] libads/ldap.c:ads_get_kvno(1348) ads_get_kvno: Windows 2000 does not support KVNO's, so this may be normal. [2007/03/20 11:45:43, 3] libads/kerberos_keytab.c:smb_krb5_kt_add_entry(184) ads_keytab_add_entry: adding keytab entry for (host/host.nhm.ac.uk@NHM.AC.UK) with encryption type (1) and version (0) [2007/03/20 11:45:43, 1] libads/kerberos_keytab.c:smb_krb5_kt_add_entry(189) ads_keytab_add_entry: adding entry to keytab failed (Cannot write to specified key table) [2007/03/20 11:45:43, 1] libads/kerberos_keytab.c:ads_keytab_add_entry(346) ads_keytab_add_entry: Failed to add entry to keytab file [2007/03/20 11:45:43, 1] libads/kerberos_keytab.c:ads_keytab_create_default(513) ads_keytab_create_default: ads_keytab_add_entry failed while adding 'host'. [2007/03/20 11:45:43, 2] utils/net.c:main(988) return code = -1765328201 183 The default keytab would be /etc/krb5.keytab Any help with this issue would be most appreciated. All the obvious thinks are fine, e.g. /etc/ *is* writable The keytab file does not exist before creation (an in fact touching it to a null file before running net ads create does not change the behaviour either) Regards, RB
Hi Robert, you may temporarily need to add the following line to your krb5.conf file under [libdefaults] section, while you run the net ads keytab create: default_keytab_name="WRFILE:/etc/krb5.keytab" After you generate the keytab file, you can remove this line. hope it helps, Don ----- Original Message ---- From: Robert Bannocks <R.Bannocks@nhm.ac.uk> To: samba@lists.samba.org Sent: Tuesday, March 20, 2007 7:48:42 AM Subject: [Samba] Bizzare behaviour of Samba+ADS - help needed I have samba+ads working fine *HOWEVER* when I run net ads keytab create it fails. Using -d 10 the debug output says it cannot write to the file. This is truly bizarre as I am running this as root! e.g. # /usr/local/opt/samba/samba-3.0.24/bin/net ads keytab create ; echo $? 183 And /usr/local/opt/samba/samba-3.0.24/bin/net -d 10 ads keytab create ; echo $? Gives [..snip..] ads_get_kvno: Error Determining KVNO! [2007/03/20 11:45:43, 3] libads/ldap.c:ads_get_kvno(1348) ads_get_kvno: Windows 2000 does not support KVNO's, so this may be normal. [2007/03/20 11:45:43, 3] libads/kerberos_keytab.c:smb_krb5_kt_add_entry(184) ads_keytab_add_entry: adding keytab entry for (host/host.nhm.ac.uk@NHM.AC.UK) with encryption type (1) and version (0) [2007/03/20 11:45:43, 1] libads/kerberos_keytab.c:smb_krb5_kt_add_entry(189) ads_keytab_add_entry: adding entry to keytab failed (Cannot write to specified key table) [2007/03/20 11:45:43, 1] libads/kerberos_keytab.c:ads_keytab_add_entry(346) ads_keytab_add_entry: Failed to add entry to keytab file [2007/03/20 11:45:43, 1] libads/kerberos_keytab.c:ads_keytab_create_default(513) ads_keytab_create_default: ads_keytab_add_entry failed while adding 'host'. [2007/03/20 11:45:43, 2] utils/net.c:main(988) return code = -1765328201 183 The default keytab would be /etc/krb5.keytab Any help with this issue would be most appreciated. All the obvious thinks are fine, e.g. /etc/ *is* writable The keytab file does not exist before creation (an in fact touching it to a null file before running net ads create does not change the behaviour either) Regards, RB -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba ____________________________________________________________________________________ TV dinner still cooling? Check out "Tonight's Picks" on Yahoo! TV. http://tv.yahoo.com/