Hi.

Something happened with my Kerberos database*. I don't know what. I don't care much (right now).

What I need to do now is to recover.

I am running a small home network: 3 win7 boxes, 2 xps, 2 Mint Linux and one Puppy.

I tried deleting /usr/local/samba/private/* and /usr/local/samba/etc/smb.conf as the how-to suggests, then doing a samba-tool domain provision.

All my Windoze boxes event logs say they can't establish a secure connection to authenticate.

SSH works; I can get in via putty or via ssh on a Linux box.

I have added the users using samba-tool user add jjkwkla.

Kinit works. When I kinit jjkwkla, it asks for a password, then complains that it will expire.

When I try kadmin, it says
'Authenticating as principal jjkwkla/admin@domain.suffix with password
kadmin: Client not found in Kerberos database while initializing kadmin interface'

smbclient works.

samba-tool testparm complains about long share names, but nothing else.

krb5.conf is:
[libdefaults]
    default_realm = DOMAIN.SUFFIX
    dns_lookup_realm = false
    dns_lookup_kdc = true

[realms]
    DOMAIN.SUFFIX = {
        kdc = thisbox.domain.suffix:88
        admin_server = thisbox.domain.suffix:749
        default_domain = domain.suffix
    }

kdc.conf is:

[kdcdefaults]
    kdc_ports 750,88

[realms]
    domain.suffix = {
        database_name = /usr/local/samba/private/principal
        admin_keytab = FILE:/usr/local/samba/private/.keytab
        acl_file = /etc/krb5kdc/kadm5.acl
        keys_stash_file = /etc/krb5kdc/stash
        kdc_ports = 750,88
        max_life = 9107d 5h 0m 0s
        max_renewable_life = 9300d 0h 0m 0s
        master_key_type = des3-hmac-sha1
supported_enctypes = aes256-cts:normal arcfour-hmac:normal des3-hmac-sha 1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
    }

I would appreciate any help you could give. As I said, I'm not interested in knowing why. This box is my print server and I need it!

-thanks!

-jimc

*At least I think it's my Kerberos database...
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Reply via email to