samba - Mar 2013 - Fwd: kerberos

Sorry 

----- Forwarded Message -----

From: "Saad Benateigha" <sbenateigha at geomega.com> 
To: "Andrew Bartlett" <abartlet at samba.org> 
Sent: Friday, March 8, 2013 4:09:36 PM 
Subject: Re: [Samba] kerberos 


Andrew: 
I have found some information in the Samba and beyond 
And this what I did 
# samba-tool user create postgres-servername 
# samba-tool spn add postgres/servername.domain_name at REALM
postgres-servername

The following command: 
# samba-tool domain exportkeytab /root/krb5.keytab
--principal=postgres/servername.domain_name at REALM

generates the following exception 

ERROR(runtime): uncaught exception - Key table entry not found 
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs) 
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
line 103, in run
net.export_keytab(keytab=keytab, principal=principal) 

What did I do? 

Saad 

----- Forwarded Message -----

From: "Saad Benateigha" <sbenateigha at geomega.com> 
To: "Ricky Nance" <ricky.nance at weaubleau.k12.mo.us> 
Sent: Friday, March 8, 2013 1:08:34 PM 
Subject: Re: [Samba] kerberos 


Thank you for that 
I was wondering if anyone has created a service principle for postgresql? 

S. 

----- Forwarded Message -----

From: "Ricky Nance" <ricky.nance at weaubleau.k12.mo.us> 
To: "Andrew Bartlett" <abartlet at samba.org> 
Cc: "Saad Benateigha" <sbenateigha at geomega.com>, samba at
lists.samba.org
Sent: Friday, March 8, 2013 5:37:36 AM 
Subject: Re: [Samba] kerberos 


https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO_TEMP#Samba_AD_management may
be of help.



Ricky 



On Fri, Mar 8, 2013 at 12:53 AM, Andrew Bartlett < abartlet at samba.org >
wrote:



On Wed, 2013-03-06 at 14:18 -0700, Saad Benateigha wrote:
> I am having a problem using kerberos 
> 
> I have installed samba4, and it appears to work correctly 
> However I want to create a service principle 
> and every time I try to use 
> kadmin -p admin 
> I get this error: 
> Database error! Required KADM5 principal missing while initializing kadmin
interface
> 
> What am I doing wrong? 
> Is there another command since Samba4 has it own kerberos? 
> Please shed some light on my dilemma. 
Correct, you cannot use kamin against a Samba AD DC. We do not provide 
this interface. 

See samba-tool to managet your AD users. 

Andrew Bartlett 

-- 
Andrew Bartlett http://samba.org/~abartlet/ 
Authentication Developer, Samba Team http://samba.org 




-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba 






--

2013-03-09 15:49 keltez?ssel, Saad Benateigha ?rta:
> Sorry
>
> ----- Forwarded Message -----
>
> From: "Saad Benateigha" <sbenateigha at geomega.com>
> To: "Andrew Bartlett" <abartlet at samba.org>
> Sent: Friday, March 8, 2013 4:09:36 PM
> Subject: Re: [Samba] kerberos
>
>
> Andrew:
> I have found some information in the Samba and beyond
> And this what I did
> # samba-tool user create postgres-servername
> # samba-tool spn add postgres/servername.domain_name at REALM
postgres-servername
>
> The following command:
> # samba-tool domain exportkeytab /root/krb5.keytab
--principal=postgres/servername.domain_name at REALM
>
> generates the following exception
>
> ERROR(runtime): uncaught exception - Key table entry not found
> File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
> return self.run(*args, **kwargs)
> File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
line 103, in run
> net.export_keytab(keytab=keytab, principal=principal)
>
> What did I do?
>
> Saad
>
> ----- Forwarded Message -----
>
> From: "Saad Benateigha" <sbenateigha at geomega.com>
> To: "Ricky Nance" <ricky.nance at weaubleau.k12.mo.us>
> Sent: Friday, March 8, 2013 1:08:34 PM
> Subject: Re: [Samba] kerberos
>
>
> Thank you for that
> I was wondering if anyone has created a service principle for postgresql?
>
> S.
>
> ----- Forwarded Message -----
>
> From: "Ricky Nance" <ricky.nance at weaubleau.k12.mo.us>
> To: "Andrew Bartlett" <abartlet at samba.org>
> Cc: "Saad Benateigha" <sbenateigha at geomega.com>, samba
at lists.samba.org
> Sent: Friday, March 8, 2013 5:37:36 AM
> Subject: Re: [Samba] kerberos
>
>
> https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO_TEMP#Samba_AD_management
may be of help.
>
>
>
> Ricky
>
>
>
> On Fri, Mar 8, 2013 at 12:53 AM, Andrew Bartlett < abartlet at samba.org
> wrote:
>
>
>
> On Wed, 2013-03-06 at 14:18 -0700, Saad Benateigha wrote:
>> I am having a problem using kerberos
>>
>> I have installed samba4, and it appears to work correctly
>> However I want to create a service principle
>> and every time I try to use
>> kadmin -p admin
>> I get this error:
>> Database error! Required KADM5 principal missing while initializing
kadmin interface
>>
>> What am I doing wrong?
>> Is there another command since Samba4 has it own kerberos?
>> Please shed some light on my dilemma.
> Correct, you cannot use kamin against a Samba AD DC. We do not provide
> this interface.
>
> See samba-tool to managet your AD users.
>
> Andrew Bartlett
>
Hi,

Just out of memory:

Have you tried:

samba-tool domain exportkeytab /root/krb5.keytab
--principal=postgres/servername.domain_name

without the @REALM part?

Regards

Geza Gemes