error acquiring credentials: No key table entry found

Thu, 16 Nov 2017 06:48:01 -0800 

I am trying to make a windows client authenticate with a Linux server in a
domain-joined scenario, I have created a service principal based on the
documentation provided as part of PBIS/gssapps and MSDN GSS/SSPI interop
documentation. Updated the relevant keytab entry in /etc/krb5.keytab.
Ensured the DNS zones are set up correctly and the machine is domain joined
static int server_acquire_creds(    char *service_name,    gss_cred_id_t
*server_creds    ) {    int ret = 0;    gss_buffer_desc name_buf =
GSS_C_EMPTY_BUFFER;    gss_name_t server_name = GSS_C_NO_NAME;    OM_uint32
maj_stat = 0, min_stat = 0;
    name_buf.value = service_name;    name_buf.length = strlen((char
*)name_buf.value) + 1;    maj_stat = gss_import_name(&min_stat, &name_buf,
                             (gss_OID) gss_nt_service_name, &server_name);
  if (maj_stat != GSS_S_COMPLETE) {        display_status("importing name",
maj_stat, min_stat);        ret = -1;        goto error;    }

    maj_stat = gss_acquire_cred(&min_stat, server_name, 0,
              GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
    server_creds, NULL, NULL);    if (maj_stat != GSS_S_COMPLETE) {
display_status("acquiring credentials", maj_stat, min_stat);        ret =
-1;        goto error;    }
error:    (void) gss_release_name(&min_stat, &server_name);
    return ret;}The error I am running into:
GSS-API error acquiring credentials: Unspecified GSS failure.  Minor code
may provide more information (851968, 851968, 0x000d0000)
GSS-API error acquiring credentials: No key table entry found matching gss\/
dell-vostro-155.domain.in/domain.in@ (39756033, 39756033, 0x025ea101)The
service_name passed is "gss/[email protected]".
I do see the principal in ktutil/list


ktutil: list -e
...
114    2 gss/[email protected] (des-cbc-crc)
~/work/gss$ hostname -Adell-vostro-155.domain.in This is happening on the
server end, where it is going to do an gss_ASC,
sudo ./gss-server gss/[email protected]
so gss-server is acting as the "gss" part in the principal name.

Mostly looking for advice on how to go about debugging this.

TIA.
Amritanshu

_______________________________________________
Help-gss mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/help-gss

Reply via email to