I'm having a problem with kadmin not doing what klist says should work.

klist will show my keytab file (with minus k), but when I try and use a principal in that keytab with kinit, I get an error:

    kinit(v5): Client not found in Kerberos database while getting initial credentials

I set up both the Windows server and the Linux client, so I've made a mistake somewhere. What have I done wrong?

degbert degbert wrote:
> I'm having a problem with kadmin not doing what klist says should work.
>
> klist will show my keytab file (with minus k), but when I try and use
> a principal in that keytab with kinit, I get an error:
> kinit(v5): Client not found in Kerberos database while getting
> initial credentials

You can only get a TGT using either the UPN or the sAMAccountName. Machine accounts have no UPN by default. My guess is that this is the root of your troubles.

cheers, jerry
--
Samba ------- http://www.samba.org
Likewise Software --------- http://www.likewisesoftware.com
"What man is a man who does not make the world better?" --Balian

2008/11/10 Gerald (Jerry) Carter <jerry@samba.org>:
> You can only get a TGT using either the UPN or the
> sAMAccountName. Machine accounts have no UPN by default.
> My guess is that this is the root of your troubles.

Hello Jerry,

I think I already have a TGT, klist says that I have a TGT named krbtgt/REALM@REALM:

    Valid starting     Expires            Service principal
    11/11/08 10:14:07  11/11/08 20:13:52  krbtgt/REALM@REALM

and

    ktutil: rkt /etc/krb5.keytab

says I have nine principals:

    3 x host/FQDN@REALM
    3 x host/HOSTNAME@REALM
    3 x HOSTNAME$@REALM

(In Active Directory I see a sAMAccountName of "hostname$", not "HOSTNAME$".)

Hopefully I am nearly there :)

When you say I need to get a TGT using either the UPN or the sAMAccountName, what should I be doing differently?

Thanks,
Degbert
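
Applied to the keytab listing in this thread, as an added example that is not part of the original messages: a shell filter that separates keytab entries in sAMAccountName form from SPN entries, following the reply's point about which names can obtain a TGT. The sample `klist -k` output is constructed, the function names are hypothetical, and it assumes the machine account has no UPN set.

```shell
#!/bin/sh
# Added example: sort `klist -k` entries into client and service principals.
# Assumption: the machine account has no UPN set (the default noted above),
# so only the sAMAccountName form NAME$@REALM can be used to request a TGT.

# Constructed sample mirroring the nine keytab entries listed in the thread.
sample_klist() {
  cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------
   2 host/FQDN@REALM
   2 host/FQDN@REALM
   2 host/FQDN@REALM
   2 host/HOSTNAME@REALM
   2 host/HOSTNAME@REALM
   2 host/HOSTNAME@REALM
   2 HOSTNAME$@REALM
   2 HOSTNAME$@REALM
   2 HOSTNAME$@REALM
EOF
}

# Read `klist -k` output on stdin; print each distinct principal once,
# tagged "client" (sAMAccountName form) or "service" (SPN form).
classify_keytab() {
  awk '
    $1 ~ /^[0-9]+$/ {                        # entry rows start with a KVNO
      p = ""
      for (i = 2; i <= NF; i++) if (index($i, "@")) p = $i
      if (p == "" || seen[p]++) next         # skip repeats (one row per enctype)
      primary = substr(p, 1, index(p, "@") - 1)
      is_sam = (index(primary, "/") == 0 && substr(primary, length(primary)) == "$")
      print (is_sam ? "client" : "service"), p
    }'
}

# Principals worth passing to `kinit -k`.
tgt_candidates() { classify_keytab | awk '$1 == "client" { print $2 }'; }

# Demo on the constructed sample.
sample_klist | classify_keytab
```

On a real host, pipe `klist -k /etc/krb5.keytab` into `tgt_candidates` and pass the result to `kinit -k`, single-quoted so the shell does not expand the `$`.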