On Thu, 2013-01-24 at 18:33 +0200, Hleb Valoshka wrote:
> Please! Don't write into private mail. Thanks.
> 
> > $ samba-tool user create http-user --random-password
> > $ samba-tool spn add HTTP/www.nisled.org http-user
> 
> Okay, you've got user http-user with principals [email protected]
> and HTTP/[email protected].
> 
> > $ samba-tool domain exportkeytab --principal=HTTP/www.nisled.org http.keytab
> 
> Here you export _only_ HTTP/[email protected].
> 
> > $ kinit -k -t http.keytab http-user
> > kinit: Key table entry not found while getting initial credentials
> 
> Of course, because you didn't export it.
> 
> > Can anyone help me?
> 
> Export [email protected] too.

Exactly.  While the Samba KDC is smart, and knows these are the same
user, the keytab and krb5 client tools are dumb (very); they work on
exact string matches, so you have to export exactly the name you want
to kinit as, or kinit as HTTP/[email protected].

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
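
Added example, not part of the original thread and not Samba or MIT code: a small parser for the keytab file format (version 0x0502) that lists the stored principal names and applies the same exact-string lookup described above. The realm EXAMPLE.TEST, the all-zero key and the helper names are constructed for illustration.

```python
import struct

def make_entry(principal, realm, kvno=1, enctype=18, key=b"\x00" * 32):
    """Build one keytab entry (constructed sample data, not a real key)."""
    comps = principal.split("/")
    body = struct.pack(">H", len(comps))
    for s in [realm] + comps:                      # realm first, then components
        body += struct.pack(">H", len(s)) + s.encode()
    body += struct.pack(">IIB", 1, 0, kvno & 0xFF)  # name type, timestamp, 8-bit kvno
    body += struct.pack(">HH", enctype, len(key)) + key
    return struct.pack(">i", len(body)) + body

def list_principals(data):
    """Return the principal names stored in a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    names, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:                # nothing further to read
            break
        if size < 0:                 # deleted entry (hole): skip its bytes
            pos += -size
            continue
        p = pos
        (ncomp,) = struct.unpack_from(">H", data, p)
        p += 2
        parts = []
        for _ in range(ncomp + 1):   # realm plus ncomp name components
            (n,) = struct.unpack_from(">H", data, p)
            p += 2
            parts.append(data[p:p + n].decode())
            p += n
        names.append("/".join(parts[1:]) + "@" + parts[0])
        pos += size
    return names

def can_kinit_as(data, name):
    """Exact string match only: the keytab knows nothing about SPN aliases."""
    return name in list_principals(data)

# Constructed keytab holding only the exported service principal
SAMPLE_KEYTAB = b"\x05\x02" + make_entry("HTTP/www.nisled.org", "EXAMPLE.TEST")

if __name__ == "__main__":
    print(list_principals(SAMPLE_KEYTAB))
    print(can_kinit_as(SAMPLE_KEYTAB, "http-user@EXAMPLE.TEST"))
```

Running the same listing against a real file (read in binary mode) shows which names `kinit -k -t` can find in it.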

