Tim Vangehugten
2013-Apr-29 16:52 UTC
[Samba] ktpass.sh error / How to generate a keytab for a new service (apache) with SAMBA4?
Hi, I was trying to get a new keytab in samba4 for my apache service. So I tried the following command: sh ktpass.sh --out /etc/apache.keytab --princ HTTP/myhost.samba.my.domain at SAMBA.MY.DOMAIN --pass VerySecure123 --enc des-cbc-md5 I get the following error: Unable to find kvno for principal HTTP/myhost.samba.my.domain at SAMBA.MY.DOMAIN Am I doing something wron or shouldn't I be using ktpass.sh? Best Regards Tim Vangehugten
Marc Muehlfeld
2013-Apr-29 20:40 UTC
[Samba] ktpass.sh error / How to generate a keytab for a new service (apache) with SAMBA4?
Hello Tim, Am 29.04.2013 18:52, schrieb Tim Vangehugten:> I was trying to get a new keytab in samba4 for my apache service. So I > tried the following command: > > sh ktpass.sh --out /etc/apache.keytab --princ > HTTP/myhost.samba.my.domain at SAMBA.MY.DOMAIN --pass VerySecure123 --enc > des-cbc-md5 > > I get the following error: Unable to find kvno for principal > HTTP/myhost.samba.my.domain at SAMBA.MY.DOMAIN > > Am I doing something wron or shouldn't I be using ktpass.sh?Maybe you find here something helpfull: https://wiki.samba.org/index.php/Samba4/beyond#Apache_Single_Sign-On Regards, Marc
Matthieu Patou
2013-Apr-30 04:31 UTC
[Samba] ktpass.sh error / How to generate a keytab for a new service (apache) with SAMBA4?
On 04/29/2013 09:52 AM, Tim Vangehugten wrote:> Hi, > > I was trying to get a new keytab in samba4 for my apache service. So I > tried the following command: > > sh ktpass.sh --out /etc/apache.keytab --princ > HTTP/myhost.samba.my.domain at SAMBA.MY.DOMAIN --pass VerySecure123 --enc > des-cbc-md5 > > I get the following error: Unable to find kvno for principal > HTTP/myhost.samba.my.domain at SAMBA.MY.DOMAINCan you do a search like this: ldbsearch -H ldap://<ip_of_you_dc> '(serviceprincipalname=HTTP/myhost.samba.my.domain)' servicePrincipalName -U <user> I'm suspecting that the SPN is not existing yet. Matthieu. -- Matthieu Patou Samba Team http://samba.org
Giedrius
2013-May-30 17:32 UTC
[Samba] ktpass.sh error / How to generate a keytab for a new service (apache) with SAMBA4?
Hi, had the same error trying to re-setup DNS keytab. In my setup kvno was indeed existing, not seen by ktpass.sh The problem: 1) ldbsearch -k 1 does not work with ldap://localhost or ldap://IP you *must*** use hostname of the machine 2) ldbsearch (at least in my setup) does not exists, where ktpass.sh is trying to find it.... and ktpass.sh *does not complain about it* Try passing: --path-to-ldbsearch <directory_of_ldbsearch> Or alternatively, apply attached path to your samba source tree (ne recompile needed) You can verify if you have this principal by: samba-tool spn list <your user that should have this principal> 2013.04.29 19:52, Tim Vangehugten ra??:> Hi, > > I was trying to get a new keytab in samba4 for my apache service. So I > tried the following command: > > sh ktpass.sh --out /etc/apache.keytab --princ > HTTP/myhost.samba.my.domain at SAMBA.MY.DOMAIN --pass VerySecure123 --enc > des-cbc-md5 > > I get the following error: Unable to find kvno for principal > HTTP/myhost.samba.my.domain at SAMBA.MY.DOMAIN > > Am I doing something wron or shouldn't I be using ktpass.sh? > > > Best Regards > Tim Vangehugten-------------- next part -------------- A non-text attachment was scrubbed... Name: ktpass.patch Type: text/x-patch Size: 961 bytes Desc: not available URL: <http://lists.samba.org/pipermail/samba/attachments/20130530/efca2f30/attachment.bin>
Seemingly Similar Threads
- how to run ktpass with a Samba AD DC?
- Extracting the trust account password (for use with Win2k's ktpass)?
- Kerberos Principal
- Looking for GSSAPI config [was: Looking for NTLM config example]
- samba 3, ADS, kerberos, keytab problem - Additional pre-authentication required