[Samba] Fwd: Re: Samba 4 & Smart card logon

Tue, 03 Jul 2012 07:51:11 -0700 

I still have no clue what's going on.
In my attempt to find out what's happening, I found out I haven't done neither 4.23.1 nor 4.23.2 in the Heimdal guide ( http://www.h5l.org/manual/HEAD/info/heimdal/Setting-up-PK_002dINIT.html ) 
So I tried 4.23.2 i.e.:
kadmin modify --pkinit-acl="CN=myuser,O=mycompany,C=GR" [email protected] 

and I received this error:

kadmin: invalid option -- '-'


I then tried to do:

kadmin
to get into interactive mode so I can issue the modify command but I receive this error:
Authenticating as principal Administrator/[email protected] with password. kadmin: Client not found in Kerberos database while initializing kadmin interface 

I was puzzled with the Administrator/admin so next I tried:

kadmin -p [email protected]

with yet another error:

Authenticating as principal [email protected] with password.
kadmin: Database error! Required KADM5 principal missing while initializing kadmin interface
I also tried enabling debugging by using the instructions in http://www.h5l.org/manual/HEAD/info/heimdal/Debugging-Kerberos-problems.html but I don't see any error messages 


1) How can I enable debugging? I'm on CentOS 6.2
2) According to the above, does it look like my installation is broken? Or is there something I am missing? 


Kind Regards,
Charalampos


-------- Original Message --------
Subject:        Re: [Samba] Samba 4 & Smart card logon
Date:   Tue, 03 Jul 2012 13:49:06 +0300
From:   Charalampos Anargyrou <[email protected]>
To:     Andrew Bartlett <[email protected]>
CC:     [email protected]



Which certificate you mean?
myuser.pem or the Kerberos certificate?


On 7/3/12 12:56 PM, Andrew Bartlett wrote:

On Tue, 2012-07-03 at 12:25 +0300, Charalampos Anargyrou wrote:

Hello Andrew,

Thanks for your reply.

Yes I could fill in the wiki if I manage to make it work :-)


I'm trying to test the Kerberos configuration with the certificates I
have created
I'm getting this error:

samba4kinit: krb5_pk_enterprise_certs: Failed to find PKINIT
certificate: Certificate not found

using this command:

samba4kinit --pk-user=FILE:/home/myuser/Downloads/myuser.pem --pk-enterprise


Does the error mean my certificates are wrong or does it mean I have not
configured kerberos properly?

My guess is that the client running samba4kinit isn't finding the
certificate correctly.







--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Reply via email to