Displaying 5 results from an estimated 5 matches for "imdap".
Did you mean:
imap
2016 Dec 20
4
Problem with keytab: "Client not found in Kerberos database"
I finally found it, thanks to a clue from
https://wiki.archlinux.org/index.php/Active_Directory_Integration
This works:
kinit -k -t /etc/krb5.keytab 'WRN-RADTEST$'
These don't work:
kinit -k -t /etc/krb5.keytab
kinit -k -t /etc/krb5.keytab host/wrn-radtest.ad.example.net
kinit -k -t /etc/krb5.keytab host/wrn-radtest
That is: the keytab contains three different principals:
root
2016 Dec 20
0
Problem with keytab: "Client not found in Kerberos database"
Rowland Perry wrote:
> >/imdap config AD : backend = rid /> >/ > /> How did you 'fix' this, on face value, there is nothing wrong with that line.
"imdap" is not "idmap"
(so now you understand why I missed it after staring at it so long :-)
> When you join the domain with 'kerb...
2016 Dec 20
3
Problem with keytab: "Client not found in Kerberos database"
On Tue, 20 Dec 2016 13:50:40 +0000
Brian Candler via samba <samba at lists.samba.org> wrote:
> Rowland Perry wrote:
> > >/imdap config AD : backend = rid /> >/ > /> How did you 'fix'
> > >this, on face value, there is nothing wrong with that line.
>
>
> "imdap" is not "idmap"
>
> (so now you understand why I missed it after staring at it so long :-)
Oh yes...
2016 Dec 19
5
Problem with keytab: "Client not found in Kerberos database"
...keytab
log file = /var/log/samba/%m.log
log level = 1
username map = /etc/samba/user.map
winbind enum users = yes
winbind enum groups = yes
winbind nss info = template
template shell = /bin/bash
template homedir = /home/%U
imdap config AD : backend = rid
idmap config AD : range = 100000-999999
idmap config * : backend = autorid
idmap config * : range = 1000000-9999999
idmap config * : rangesize = 100000
The keytab itself looks OK to me:
root at wrn-radtest:~# net ads keytab list
Vno Typ...
2016 Dec 20
0
Problem with keytab: "Client not found in Kerberos database"
...ge = 1000000-1999999
Is it really wrong to use autorid for this?
Anyway: I have followed your advice, switched to tdb, left and rejoined
domain, and regenerated the keytab. The problem is still there.
While doing this I found one stupid problem which was visible in my
original post:
imdap config AD : backend = rid
Arrgh!!! (I noticed this because getent passwd 'AD\brian' started
returning a tdb-assigned ID 1000000 instead of the RID-based ID)
But after fixing that (and net cache flush and restarting winbind),
still no joy:
root at wrn-radtest:~# net ads join -U admini...