search for: wrfile

I did a yum update on my management server and now the ovirt gui is no longer accessable. Is it supposed to just work or do I need to do something after the yum update? Justin.

...= /etc/v5srvtab then the function smb_krb5_open_keytab() returns KRB5_KT_UNKNOWN_TYPE. If smb_krb5_open_keytab with a filename "/etc/v5srvtab" it would work fine, however if the "default" keytab is used the expectation is that it must have a prefix "FILE:" or "WRFILE:". Is this the correct logic? It appears that the loop while (next_token_talloc(mem_ctx, &tmp, &kt_str, ",")) { Should have the test if (tmp[0] == '/') found_valid_name = True; Glenn kerberos_keytab.c ads_keytab_add_entry() ret = smb_krb5_op...

...mp/test.keytab added interface ip=192.168.1.11 nmask=255.255.255.0 added interface ip=127.0.0.1 nmask=255.0.0.0 added interface ip=192.168.1.11 nmask=255.255.255.0 added interface ip=127.0.0.1 nmask=255.0.0.0 ldb_wrap open of secrets.ldb root at morannon:~# klist -k -t /tmp/test.keytab Keytab name: WRFILE:/tmp/test.keytab KVNO Timestamp Principal ---- ----------------- -------------------------------------------------------- 1 04/16/11 20:04:19 dumareja at DUMARESQ.LOCAL 1 04/16/11 20:04:19 dumareja at DUMARESQ.LOCAL 1 04/16/11 20:04:19 dumareja at DUMARESQ.LOCAL 2 04/16/11...

...k fine. I have read many articles about using winbind to aquire the Kerberos tickets on login. What I have done so far is join the linux machine to our AD: net ads join -U Administrator After this my krb5.keytab file is filled with the following: root at ubuntu100432:~# klist -kte Keytab name: WRFILE:/etc/krb5.keytab KVNO Timestamp Principal ---- ----------------- -------------------------------------------------------- 2 02/13/12 09:34:59 host/ubuntu100432.a.space.corp at A.SPACE.CORP (DES cbc mode with CRC-32) 2 02/13/12 09:34:59 host/ubuntu100432.a.space.corp at A.SPACE.CORP (D...

...ntry: mount -t nfs4 foo bar --o sec=krb5 Kerberos: AS-REQ nfs/hh3.hh3.site at HH3.SITE from ipv4:192.168.1.3:53213 for krbtgt/HH3.SITE at HH3.SITE Kerberos: UNKNOWN -- nfs/hh3.hh3.site at HH3.SITE: no such entry found in hdb The nfs entry is in the keytab: klist -ke /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 1 nfs/hh3.hh3.site at HH3.SITE (des-cbc-crc) 1 nfs/hh3.hh3.site at HH3.SITE (des-cbc-md5) 1 nfs/hh3.hh3.site at HH3.SITE (arcfour-hmac) How do I tell this new version to loo...

I appear to be missing some libs on suse 10.1 when running: rpmbuild --rebuild samba-3.0.25-ctdb.16.src.rpm <cut lots of output> checking for WRFILE: keytab support... no checking for krb5_princ_realm returns krb5_realm or krb5_data... no checking for krb5_addresses type... no checking whether krb5_mk_error takes 3 arguments MIT or 9 Heimdal... yes configure: WARNING: krb5_mk_req_extended not found in -lkrb5 configure: WARNING: no CREATE_KEY_FU...

...r authentication (with help from the list, thanks!). I've setup smb.conf such that doing 'net ads join -Uadministrator' populates my /etc/krb5.keytab (see configuration files below). klist shows me a nice set of principals from /etc/krb5.keytab klist -k /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 2 host/ubuntu.sonytel.be at EDEN.SONYTEL.BE 2 host/ubuntu.sonytel.be at EDEN.SONYTEL.BE 2 host/ubuntu.sonytel.be at EDEN.SONYTEL.BE 2 host/ubuntu at EDEN.SONYTEL.BE 2 host/...

...provide more information dovecot: auth: gssapi(?,CLIENT_IP): While processing incoming data: Invalid message type postfix/smtpd[6197]: warning: CLIENT_FQDN[CLIENT_IP]: SASL GSSAPI authentication failed: dovecot: auth: Debug: client out: FAIL#0111 # klist -k /etc/dovecot/krb5.keytab Keytab name: WRFILE:/etc/dovecot/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 2 imap/MAILSERVER_FQDN at DOMAIN_REALM 2 smtp/MAILSERVER_FQDN at DOMAIN_REALM The client is Thunderbird. Any help would be greatly appreciated. I have made sure that the f...

My server and client are running Ubuntu Lucid, libvirt-bin 0.7.5-5ubuntu27, qemu-kvm-0.12.3+noroms-0ubuntu9 and I'm using virt-viewer-0.0.3-6ubuntu7.xul19 or virt-manager-0.8.2-2ubuntu8 to connect. I configured SASL2 to use GSSAPI for libvirt following the instructions in the libvirt docs, created a keytab with libvirt/my.fully.qualified.domain at MY-REALM.COM (has a dash fwiw) and pointed

...EL3 machines, among other problems I've run into trying to use winbind with ADS security mode. I found a bug in RH's Bugzilla describing the problem and managed to decipher a work-around. The resolution is to add to your /etc/krb5.conf the following: [libdefaults] default_keytab_name = WRFILE:/etc/krb5.keytab For reference, here is the bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=137613 Wil -- Wil Cooley wcooley@nakedape.cc Naked Ape Consulting http://nakedape.cc * * * * Linux, UNIX, Networking and Security Solution...

Hello Samba, We are using Samba/CIFS hp-ux server connecting to Windows ADS and try to create keytab file using net ads create keytab -u Administrator ,but it is unable to create keytab file in the /etc/directory. Please see the attached output file for your reference. Appreciate your help!! Sudheer Radhakrishnan / Capgemini North America P&C / East Business Unit Unix

...9;s password: Using short domain name -- AALTO Joined 'NEXUS6' to realm 'org.aalto.fi' [2010/01/21 10:49:35, 0] libads/kerberos.c:332(ads_kinit_password) kerberos_kinit_password NEXUS6$@ORG.AALTO.FI failed: Client not found in Kerberos database nexus6 etc # klist -k Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 2 host/nexus6.org.aalto.fi at ORG.AALTO.FI 2 host/nexus6.org.aalto.fi at ORG.AALTO.FI 2 host/nexus6.org.aalto.fi at ORG.AALTO.FI 2 host/nexus6 at ORG.AALTO.FI 2 host/n...

...rify.c and doing some debugging, I found exactly where the problem is occuring (I think). The krb5_kt_resolve immediately before is returning KRB5_KT_UNKNOWN_TYPE. Doing some looking at the source for MIT krb5, and a bit of reading, it looks like there are two key table types defined: FILE and WRFILE. Specifically, in lib/krb5/keytab/ktbase.c:krb5_kt_resolve(112), it cycles through a list of registered key table types, and MEMORY is definitely not one of them. It has no associated krb5_kt_ops struct, at least not one that I can locate. However, this definition _does_ exist in Heimdal Kerbe...

...l domain exportkeytab client.keytab --princ=host/client at REALM and this also works. The client.keytab is transferred to the client and installed as /etc/krb5.keytab with the proper ownership and permissions. * On the client, verify the keytab: # klist -k /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal -------------------------------------------------------------------------- 1 host/<client>@<REALM> 1 host/<client>@<REALM> 1 host/<client>@<REALM> * On the client, change the three ldap_default_ lines to: lda...

I have samba+ads working fine *HOWEVER* when I run net ads keytab create it fails. Using -d 10 the debug output says it cannot write to the file. This is truly bizarre as I am running this as root! e.g. # /usr/local/opt/samba/samba-3.0.24/bin/net ads keytab create ; echo $? 183 And /usr/local/opt/samba/samba-3.0.24/bin/net -d 10 ads keytab create ; echo $? Gives [..snip..] ads_get_kvno:

...l/samba/private/secrets.keytab (arcfour-hmac-md5) [2012/04/23 01:58:29, 1] ../auth/gensec/spnego.c:574(gensec_spnego_parse_negTokenInit) SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE Indeed, klist -ke FILE:/usr/local/samba/private/secrets.keytab shows this: Keytab name: WRFILE:/usr/local/samba/private/secrets.keytab KVNO Principal ---- -------------------------------------------------------------------------- [...] 1 HOST/vie-srv001 at VENTUM.AT (ArcFour with HMAC/md5) 1 HOST/vie-srv001.ventum.at at VENTUM.AT (ArcFour with HMAC/md5) 1 VIE-SRV001$@VENTUM.AT (...

Hi I have Samba 4 installed and working. I recently changed FQDN to dns name hh3.hh3.site. It works OK and e.g. on a windows 7 box which joined the domain, users can logon. But I have a mess in the keytab: klist -k /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 2 HH3$@HH3.HH1.SITE 2 HH3$@HH3.HH1.SITE 2 HH3$@HH3.HH1.SITE 2 host/HH3 at HH3.HH1.SITE 2 host/HH3 at HH3.HH1.SITE 2 host/HH3 at HH3.HH1.SITE 2 host/hh3.hh3.hh...

...b add HTTP -P") only creates the two des and ArcFour with HMAC/md5 enctypes, no AES enctypes are listed. The Domain admins can use tools on their side to create SPNs and keytabs that have AES and we would prefer them over DES/ArcFour except in special circumstances.: # klist -ke Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal - ---- - -------------------------------------------------------------------------- 5 host/iu-itps-rhel6ad.ads.iu.edu at ADS.IU.EDU (DES cbc mode with CRC-32) 5 host/iu-itps-rhel6ad.ads.iu.edu at ADS.IU.EDU (DES cbc mode with RSA-MD5) 5 host/iu-itps-rhel6ad....

...user at EXAMPLE.COM: # ktutil: wkt dhcpduser.keytab # ktutil: quit but next changes in Using samba AD DC I used # keytab can be generated using the Samba4 tool: # samba-tool domain exportkeytab /etc/dhcpd/dhcpduser.keytab --principal=dhcpduser and klist -k dhcpduser.keytab -e shows Keytab name: WRFILE:/etc/dhcp/dhcpduser.keytab KVNO Principal ---- -------------------------------------------------------------------------- 1 dhcpduser at SAITEL.LOC (DES cbc mode with CRC-32) 1 dhcpduser at SAITEL.LOC (DES cbc mode with RSA-MD5) 1 dhcpduser at SAITEL.LOC (ArcFour with HMAC/md5) so it s...

...ut Kerberos. # net ads join createupn="nfs/nfsserver.example.com at AD.EXAMPLE.COM" createcomputer="OU" -U $BINDUSER%$BINDPASSWD # kinit -k NFSSERVER$ (and NFSCLIENT$, but we're going to mount -o sec=none as mentioned above) # net ads keytab add nfs # klist -ke Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 3 host/nfsserver.example.com at AD.EXAMPLE.COM (des-cbc-crc) 3 host/nfsserver.example.com at AD.EXAMPLE.COM (des-cbc-md5) 3 host/nfsserver.example.com at AD.EXAMPLE.COM (arcfou...