Hello Zentyal Experts,

I have a Zentyal 4.2 box installed. I was having trouble adding a vdomain and creating mail accounts for my users. Tracking down the problem, it looks like Zentyal could not connect to the AD Schema Master because of an underlying Kerberos error.


Mar 22 10:13:47 acme-sbs [sssd[ldap_child[3137]]]: Failed to initialize credentials using keytab [/var/lib/samba/private/secrets.keytab]: Client 'host/' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection.
Mar 22 10:13:47 acme-sbs [sssd[ldap_child[3137]]]: Client 'host/' not found in Kerberos database

    services = nss, pam
    config_file_version = 2
    domains =

    entry_negative_timeout = 0
    debug_level = 5

    debug_level = 5

    debug_level = 5
    enumerate = false

    id_provider = ad
    auth_provider = ad
    chpass_provider = ad
    access_provider = ad

    dyndns_update = false

    ad_hostname =
    ad_server =
    ad_domain =

    ldap_schema = ad
    ldap_id_mapping = false

    fallback_homedir = /home/%u
    default_shell = /bin/bash

    ldap_sasl_mech = gssapi
    ldap_sasl_authid = host/
    krb5_keytab = /var/lib/samba/private/secrets.keytab
    ldap_krb5_init_creds = true

Dumping the LDAP entries, I see the following host principal:

    # ACME-SBS, Domain Controllers,
    dn: CN=ACME-SBS,OU=Domain Controllers,DC=acme,DC=com,DC=tr
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    objectClass: computer
    instanceType: 4
    whenCreated: 20160229092454.0Z
    uSNCreated: 3583
    name: ACME-SBS
    objectGUID:: 3kh1EyJJmEee3MFfukT6Qw==
    userAccountControl: 532480
    badPwdCount: 0
    codePage: 0
    countryCode: 0
    badPasswordTime: 0
    lastLogoff: 0
    localPolicyFlags: 0
    primaryGroupID: 516
    accountExpires: 9223372036854775807
    logonCount: 0
    sAMAccountName: ACME-SBS$
    sAMAccountType: 805306369
    operatingSystem: Samba
    operatingSystemVersion: 4.3.4-Zentyal
    objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=acme,DC=com,DC=tr
    isCriticalSystemObject: TRUE
    rIDSetReferences: CN=RID Set,CN=ACME-SBS,OU=Domain Controllers,DC=acme,DC=com,
    serverReferenceBL: CN=ACME-SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,
    servicePrincipalName: HOST/
    servicePrincipalName: HOST/
    servicePrincipalName: ldap/
    servicePrincipalName: GC/
    servicePrincipalName: ldap/
    servicePrincipalName: HOST/
    servicePrincipalName: ldap/
    servicePrincipalName: HOST/ACME-SBS
    servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/e948fc77-1db9-46f1-
    servicePrincipalName: ldap/
    servicePrincipalName: ldap/ACME-SBS
    servicePrincipalName: RestrictedKrbHost/ACME-SBS
    servicePrincipalName: RestrictedKrbHost/
    servicePrincipalName: ldap/
    servicePrincipalName: ldap/
    servicePrincipalName: SMTP/
    lastLogonTimestamp: 131019922218908640
    msDS-SupportedEncryptionTypes: 28
    whenChanged: 20160310131001.0Z
    pwdLastSet: 131020890010000000
    uSNChanged: 4063
    lastLogon: 131021716497415830
    distinguishedName: CN=ACME-SBS,OU=Domain Controllers,DC=acme,DC=com,DC=tr

Any idea how to fix this issue?

Thanks in advance,
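
A diagnostic for the situation in the post above, as an added example that is not part of the original post: it parses an LDIF entry and reports whether a configured `ldap_sasl_authid` names the account itself or exists only as a `servicePrincipalName`. It assumes an AD-style KDC resolves the client name for initial credentials through `sAMAccountName` or `userPrincipalName` rather than through SPNs; the sample entry, host names, realm and function names are constructed for illustration.

```python
import re

# Constructed sample entry: host names and realm are placeholders, not the post's values.
SAMPLE_LDIF = """\
# DC1, Domain Controllers, example.test
dn: CN=DC1,OU=Domain Controllers,DC=example,DC=test
sAMAccountName: DC1$
servicePrincipalName: HOST/dc1.example.test
servicePrincipalName: HOST/DC1
servicePrincipalName: ldap/dc1.example.test/
 example.test
"""


def parse_ldif_entry(text):
    """Return {attribute: [values]} for one LDIF entry, unfolding wrapped lines."""
    attrs = {}
    for line in re.sub(r"\n ", "", text).splitlines():
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        attrs.setdefault(name.lower(), []).append(value.lstrip(": ").strip())
    return attrs


def classify_authid(authid, attrs):
    """Classify an ldap_sasl_authid value as 'account', 'spn-only' or 'unknown'.

    Simplification: the realm part is ignored and names compare case-insensitively.
    """
    name = authid.split("@", 1)[0].lower()
    accounts = attrs.get("samaccountname", []) + attrs.get("userprincipalname", [])
    if name in {a.split("@", 1)[0].lower() for a in accounts}:
        return "account"      # usable as a client principal (assumption in lead-in)
    if name in {s.lower() for s in attrs.get("serviceprincipalname", [])}:
        return "spn-only"     # service name only: expect "Client ... not found"
    return "unknown"          # not on this entry at all


def candidate_client_principal(attrs, realm):
    """Build sAMAccountName@REALM, the machine account's own client name."""
    return f"{attrs['samaccountname'][0]}@{realm.upper()}"


if __name__ == "__main__":
    entry = parse_ldif_entry(SAMPLE_LDIF)
    for authid in ("host/dc1.example.test", "DC1$@EXAMPLE.TEST"):
        print(authid, "->", classify_authid(authid, entry))
    print("candidate:", candidate_client_principal(entry, "example.test"))
```

Whichever name is configured also needs a key in the keytab; `klist -k` on the keytab path lists the principals it holds.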

