They will likely be different entries with different kvno and encryption type combinations. Not sure what syntax your klist uses but -e option may give you the encryption type output for example.
Adam -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Thomas Zeitinger Sent: 05 September 2013 16:42 To: [email protected] Subject: Re: [Samba] dns update failt (kerberos) Hey! I found another interessting fact: samba_dnsupdate --verbose --all-names -d 10 shows me: [...] privateKeytab: secrets.keytab [...] So I tried root@linsrv:~# klist -t -k /usr/local/samba/private/secrets.keytab Keytab name: FILE:/usr/local/samba/private/secrets.keytab KVNO Timestamp Principal ---- ------------------- ------------------------------------------------------ 1 2013-08-16 12:49:52 HOST/[email protected] 1 2013-08-16 12:49:52 HOST/[email protected] 1 2013-08-16 12:49:52 [email protected] 1 2013-08-16 12:49:52 HOST/[email protected] 1 2013-08-16 12:49:52 HOST/[email protected] 1 2013-08-16 12:49:52 [email protected] 1 2013-08-16 12:49:52 HOST/[email protected] 1 2013-08-16 12:49:52 HOST/[email protected] 1 2013-08-16 12:49:52 [email protected] 1 2013-08-16 12:49:52 HOST/[email protected] 1 2013-08-16 12:49:52 HOST/[email protected] 1 2013-08-16 12:49:52 [email protected] 1 2013-08-16 12:49:52 HOST/[email protected] 1 2013-08-16 12:49:52 HOST/[email protected] 1 2013-08-16 12:49:52 [email protected] Is it a problem that the host is 5 times in the secret.keytab? How can I verify that? On 2013-09-05 12:41, Thomas Zeitinger wrote: > [...] > root@linsrv:~# samba_dnsupdate --verbose --all-names > IPs: ['172.16.0.202'] > Traceback (most recent call last): > File "/usr/local/samba/sbin/samba_dnsupdate", line 506, in <module> > get_credentials(lp) > File "/usr/local/samba/sbin/samba_dnsupdate", line 119, in get_credentials > creds.get_named_ccache(lp, ccachename) > RuntimeError: kinit for [email protected] failed (Cannot contact > any KDC for requested realm) > > and again the different error message with kinit: > > [..] > > But the account is in the Kerberus DB: > > root@linsrv:~# klist -k /etc/krb5.keytab Keytab name: > FILE:/etc/krb5.keytab KVNO Principal > ---- > -------------------------------------------------------------------------- > 1 [email protected] > 1 [email protected] > 1 [email protected] > [...] -- Thomas Zeitinger Kundenbetreuung IT-Quadrat EDV Dienstleistungs- und Handels GmbH Krongasse 8/2 A-1050 Wien Tel: +43 (1) 311 44 00 - 10 Fax: +43 (1) 311 44 00 - 90 [email protected] www.it2.at FN 287345t UID ATU63123113 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
