keytab auth against samba 4 DC: Client not found in Kerberos database while getting initial credentials

ubuntu active-directory kerberos samba4

Finally - I got it!

The

samba-tool spn add ...

does not (re)name the UPN as expected in the directory. I found it by comparing with MS ADS entries. So the work around is to change the value by hand before issuing the exportkeytab command:

Open the service user entry with a ldap-tool (I used Apache Directory Studio) and
find the just created user Edit "userPrincipalName" to reflect servicePrincipleName + REALM (in my case http/[email protected])
export keytab and everything works as expected

on the target machine

kinit -k -t http/myserver.mycompany.com

works without any complains! Hopefully this helps others trying to setup SSO with Samba4 ...

Related

Authentication via RADIUS : MSCHAPv2 Error 691

grubby fatal error: unable to find a suitable template

Postfix: selecting relay host based on From: mail header rather than envelope sender

NetworkService account access to a shared folder (WinSrv 2012R2)

Force automatic restart even with users logged in after installation of updates on Windows 8.1 Professional

Windows Server 2012 – Full support for case sensitive file and directory names?

How can I use openssl to get results from HTTP GET requests?

Can't access cn=config through Apache Directory Studio GUI

How can RAID deal with inconsistent data?

What these strange TXT records in my default OVH DNS config mean

In an rsync, how do I exclude all directories that match a pattern?

Can ZFS using snaphots replace DRBD using sync protocol A?

Recent Posts

org.apache.kafka.common.errors.TimeoutException: Topic not present in metadata after 60000 ms

Why my code runs infinite time when i entered non integer type in c++ [duplicate]

How to retrieve Instagram username from User ID?

Serverless Framework - Variables resolution error

How do we access a file in github repo inside our azure databricks notebook