On Fri, 2013-05-03 at 19:21 +0300, Pekka L.J. Jalkanen wrote: > On 26.4.2013 13:05, Pekka L.J. Jalkanen wrote: > > > > So it seems that for some reason, exporting the keytab from Samba DC > > doesn't work. I tried to kinit first using the domain admin account, but > > to no avail--exportkeytab still throws the same error. > > > > Now, for the purposes of bug 9828 I could probably export it from our > > Windows DC using ktpass.exe, but I'd naturally like to know what's wrong > > here. > > > > What should I do? Am I missing something here? > > I forgot this for some time... as the samba-tool exportkeytab didn't > work, the easiest way to get a proper keytab for decrypting the capture > was apparently just copy secrets.keytab from the Samba DC and feed that > file to Wireshark. At least I've now managed to decrypt the stuff myself.
It would be useful to know why samba-tool exportkeytab didn't work, it is tested in our make test. Perhaps run it with -d10 and see if it gives more clues? > However, as this is not a test domain, I can't just post such a > sensitive piece of information to Bugzilla. I am, however, ready to send > it in a GPG-encrypted message to Andrew (currently assigned to the bug) > or another trusted Samba dev working on the bug. Would that be OK? Can you reproduce this on a test domain? That would be better. While I do take GPG encrypted stuff, I prefer not to unless I'm actually fixing database errors in databases or other things that would never be reproduced again. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba