Hi, does not http.keytab.

Exported thus:

$ samba-tool domain exportkeytab http.keytab --principal=HTTP/[email protected]

Output line:

# klist -ke http.keytab
Keytab name: WRFILE:http.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 HTTP/[email protected] (des-cbc-crc)
   2 HTTP/[email protected] (des-cbc-md5)
   2 HTTP/[email protected] (arcfour-hmac)

kinit:

# kinit -k -e http.keytab http-ejbca
kinit: Key table entry not found while getting initial credentials

Prof. Msc. Clodonil H. Trigo
www.nisled.org
E-mail: [email protected]

2013/1/25 Andrew Bartlett <[email protected]>

> On Thu, 2013-01-24 at 18:33 +0200, Hleb Valoshka wrote:
> > Please! Don't write into private mail. Thanks.
> >
> > > $ samba-tool user create http-user --random-password
> > > $ samba-tool spn add HTTP/www.nisled.org http-user
> >
> > Okay, you've got user http-user with principals [email protected]
> > and HTTP/[email protected].
> >
> > > $ samba-tool domain exportkeytab --principal=HTTP/www.nisled.org http.keytab
> >
> > Here you export _only_ HTTP/[email protected].
> >
> > > $ kinit -k -t http.keytab http-user
> > > kinit: Key table entry not found while getting initial credentials
> >
> > Of course, because you didn't export it.
> >
> > > Can anyone help me?
> >
> > Export [email protected] too.
>
> Exactly. While the Samba KDC is smart, and knows these are the same
> user, the keytab and krb5 client tools are dumb (very), they work on
> exact string matches, so you have to export out exactly the name you want
> to kinit as, or kinit as HTTP/[email protected].
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                           http://samba.org/~abartlet/
> Authentication Developer, Samba Team      http://samba.org
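
The exact-match lookup described in the thread above, as an added example that is not part of the original messages or of Samba's code: a small Python reader for the keytab file format (version 0x0502) that lists the stored principals and checks a name by plain string comparison, the way the reply says the client tools do. The realm `EXAMPLE.COM` and the all-zero keys are constructed, since the realm on the page is redacted; the function names are hypothetical.

```python
import struct

def _cs(b):                      # counted string: 16-bit big-endian length + bytes
    return struct.pack(">H", len(b)) + b

def build_entry(realm, components, kvno, enctype, key):
    """Serialize one entry of a version 0x0502 keytab (used for the constructed sample)."""
    body = struct.pack(">H", len(components)) + _cs(realm.encode())
    body += b"".join(_cs(c.encode()) for c in components)
    # name type, timestamp, 8-bit kvno, enctype, then the counted key bytes
    body += struct.pack(">IIBH", 1, 0, kvno, enctype) + _cs(key)
    return struct.pack(">i", len(body)) + body

def list_principals(data):
    """Return (principal, kvno, enctype) for every live entry in the keytab bytes."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:            # a negative size marks a deleted slot to skip
            pos += -size
            continue
        (ncomp,) = struct.unpack_from(">H", data, pos)
        p, parts = pos + 2, []
        for _ in range(ncomp + 1):          # realm first, then each name component
            (n,) = struct.unpack_from(">H", data, p)
            parts.append(data[p + 2:p + 2 + n].decode())
            p += 2 + n
        _ntype, _time, kvno, enctype = struct.unpack_from(">IIBH", data, p)
        entries.append(("/".join(parts[1:]) + "@" + parts[0], kvno, enctype))
        pos += size
    return entries

def keytab_has(data, principal):
    """Exact string match on the principal name: no alias or SPN-to-user resolution."""
    return any(name == principal for name, _, _ in list_principals(data))

REALM = "EXAMPLE.COM"            # constructed realm; the realm on the page is redacted
SAMPLE = b"\x05\x02" + b"".join(  # constructed keytab with dummy all-zero keys
    build_entry(REALM, ["HTTP", "www.nisled.org"], 2, etype, bytes(16))
    for etype in (1, 3, 23))     # des-cbc-crc, des-cbc-md5, arcfour-hmac

if __name__ == "__main__":
    for name, kvno, etype in list_principals(SAMPLE):
        print(kvno, name, etype)
    for wanted in ("http-user@" + REALM, "HTTP/www.nisled.org@" + REALM):
        print(wanted, "->", "found" if keytab_has(SAMPLE, wanted) else "Key table entry not found")
```

Reading a real keytab with `list_principals(open(path, "rb").read())` shows which names a service can actually authenticate as from that file, which is also a quick audit of what was exported.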
