Hello, I added two separate spn to two accounts, then I tried to export
them to the keytab but it doesn't seem to work. with the command below:
$ samba-tool spn list z1
z1
User CN = z1, CN = Users, DC = home, DC = lan has the following
servicePrincipalName:
zookeeper/ap42.home.lan at HOME.LAN
$ klist -k -e z1.keytab
Keytab name: FILE: test.keytab
KVNO Principal
---- ----------------------------------------------
----------------------------
2 z1 at HOME.LAN (aes256-cts-hmac-sha1-96)
and so on for the other algorithms
trying to export also the spn:
$ samba-tool domain exportkeytab z1.keytab
--principal=zookeeper/ap42.home.lan at HOME.LAN (maybe I'm wrong here?)
Export one principal to z1.keytab
$ klist -k -e test.keytab
Keytab name: FILE: test.keytab
KVNO Principal
---- ----------------------------------------------
----------------------------
2 z1 at HOME.LAN (aes256-cts-hmac-sha1-96)
the spn does not appear.
On 10/06/2020 16:14, banda bassotti via samba wrote:> Hello, I added two separate spn to two accounts, then I tried to export > them to the keytab but it doesn't seem to work. with the command below: > > $ samba-tool spn list z1 > z1 > User CN = z1, CN = Users, DC = home, DC = lan has the following > servicePrincipalName: > zookeeper/ap42.home.lan at HOME.LANYour problem probably starts there, the SPN should be 'zookeeper/ap42.home.lan' Rowland