On Thu, 2013-09-05 at 20:39 -0700, Pete Storkey wrote:
>
> I have tried manually recreating dns.keytab:
>
> # samba-tool domain exportkeytab --principal=DNS/server.domain.com
> /var/lib/samba/private/dns.keytab
> # samba-tool domain exportkeytab --principal=DNS/windowsserver.domain.com
> /var/lib/samba/private/dns.keytab
>

That syntax seems wrong.

# samba-tool domain exportkeytab /path/to/dns.keytab --principal=server1.your.domain

> The contents of dns.keytab are as follows:
>
> # ktutil
> ktutil: read_kt /var/lib/samba/private/dns.keytab
> ktutil: list
> slot KVNO Principal
> ---- ----
> ---------------------------------------------------------------------
> 1 1 DNS/server.domain....@domain.com
> 2 1 DNS/server.domain....@domain.com
> 3 1 DNS/server.domain....@domain.com
> 4 31 DNS/windowsserver.domain....@domain.com
> 5 31 DNS/windowsserver.domain....@domain.com
> 6 31 DNS/windowsserver.domain....@domain.com
> 7 31 DNS/windowsserver.domain....@domain.com
>
> The problem persists after recreating dns.keytab and restarting Samba and
> Bind daemons.
>
> Is this the correct way to generate the dns.keytab? Is there anything I'm
> missing?

Maybe you didn't recreate the keytab? Look for the timestamp:

klist -kte /path/to/dns.keytab

The only difference I can see with our keytab is that we have:

DNS/fqdn@REALM
and
short-hostname@REALM

Maybe this isn't a keytab issue?

HTH
Steve