Re: [Samba] latest Samba 4 does not look in keytab
On 02/10/2012 03:37 PM, steve wrote: Unfortunately, upgradeprovision fails. There are other issues with this latest git because instead of installing everything under /usr/local/samba it leaves stuff in samba-master which it still uses after it has installed. Problem is that make install messes up samba-master. Running make again fixes most of it but leaves the dns files with the wrong permissions if you are using bind9 and the samba dns server falls over after a restart if you provision with the internal. That is on Ubuntu. I keep my old checkout under openSUSE to fall back on. Time for a clean start on Ubuntu I think. Cheers, Steve Please file a bug about upgradeprovision. -- Matthieu Patou Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] latest Samba 4 does not look in keytab
On 02/10/2012 07:24 PM, Gémes Géza wrote: 2012-02-10 17:58 keltezéssel, steve írta: Hi After upgrading to Version 4.0.0alpha18-GIT-24ed8c5 on Ubuntu 11.10, Samba 4 no longer looks in the keytab for my nfs server entry: mount -t nfs4 foo bar --o sec=krb5 Kerberos: AS-REQ nfs/hh3.hh3.s...@hh3.site from ipv4:192.168.1.3:53213 for krbtgt/hh3.s...@hh3.site Kerberos: UNKNOWN -- nfs/hh3.hh3.s...@hh3.site: no such entry found in hdb The nfs entry is in the keytab: klist -ke /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal -- 1 nfs/hh3.hh3.s...@hh3.site (des-cbc-crc) 1 nfs/hh3.hh3.s...@hh3.site (des-cbc-md5) 1 nfs/hh3.hh3.s...@hh3.site (arcfour-hmac) How do I tell this new version to look in the keytab? or, How do I add the nfs internally? Thanks, Steve Hi, First some basics, sorry if it is boring ;-) Nope. Please keep reminding me:) /etc/krb5.keytab is the "password file" your nfs service is using in order to be able to authenticate itself with samba4's kerberos service; it could be on a completely different machine and would work in the same way. Samba4 stores the same "password" in its internal database (ldb) and when connected it looks it up there. Yep. Got it. Now back on your situation: Have you re-provisioned after upgrade? No. If yes you need to recreate the principal and the spn for nfs, and reexport the keytab for it. If not you may need to do an upgradeprovision in order to apply the expected directory changes. Good Luck! Geza Unfortunately, upgradeprovision fails. There are other issues with this latest git because instead of installing everything under /usr/local/samba it leaves stuff in samba-master which it still uses after it has installed. Problem is that make install messes up samba-master. Running make again fixes most of it but leaves the dns files with the wrong permissions if you are using bind9 and the samba dns server falls over after a restart if you provision with the internal. That is on Ubuntu. I keep my old checkout under openSUSE to fall back on. Time for a clean start on Ubuntu I think. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] latest Samba 4 does not look in keytab
2012-02-10 17:58 keltezéssel, steve írta: > Hi > After upgrading to > Version 4.0.0alpha18-GIT-24ed8c5 on Ubuntu 11.10, Samba 4 no longer > looks in the keytab for my nfs server entry: > > mount -t nfs4 foo bar --o sec=krb5 > Kerberos: AS-REQ nfs/hh3.hh3.s...@hh3.site from ipv4:192.168.1.3:53213 > for krbtgt/hh3.s...@hh3.site > Kerberos: UNKNOWN -- nfs/hh3.hh3.s...@hh3.site: no such entry found in > hdb > > The nfs entry is in the keytab: > klist -ke /etc/krb5.keytab > Keytab name: WRFILE:/etc/krb5.keytab > KVNO Principal > > -- >1 nfs/hh3.hh3.s...@hh3.site (des-cbc-crc) >1 nfs/hh3.hh3.s...@hh3.site (des-cbc-md5) >1 nfs/hh3.hh3.s...@hh3.site (arcfour-hmac) > > How do I tell this new version to look in the keytab? or, > How do I add the nfs internally? > Thanks, > Steve > Hi, First some basics, sorry if it is boring ;-) /etc/krb5.keytab is the "password file" your nfs service is using in order to be able to authenticate itself with samba4's kerberos service; it could be on a completely different machine and would work in the same way. Samba4 stores the same "password" in its internal database (ldb) and when connected it looks it up there. Now back on your situation: Have you re-provisioned after upgrade? If yes you need to recreate the principal and the spn for nfs, and reexport the keytab for it. If not you may need to do an upgradeprovision in order to apply the expected directory changes. Good Luck! Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] latest Samba 4 does not look in keytab
Hi After upgrading to Version 4.0.0alpha18-GIT-24ed8c5 on Ubuntu 11.10, Samba 4 no longer looks in the keytab for my nfs server entry: mount -t nfs4 foo bar --o sec=krb5 Kerberos: AS-REQ nfs/hh3.hh3.s...@hh3.site from ipv4:192.168.1.3:53213 for krbtgt/hh3.s...@hh3.site Kerberos: UNKNOWN -- nfs/hh3.hh3.s...@hh3.site: no such entry found in hdb The nfs entry is in the keytab: klist -ke /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal -- 1 nfs/hh3.hh3.s...@hh3.site (des-cbc-crc) 1 nfs/hh3.hh3.s...@hh3.site (des-cbc-md5) 1 nfs/hh3.hh3.s...@hh3.site (arcfour-hmac) How do I tell this new version to look in the keytab? or, How do I add the nfs internally? Thanks, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
