Error with keytab #1817

Open
mrPsycho opened this Issue Aug 8, 2018 · 2 comments


mrPsycho commented Aug 8, 2018

Hello,
I'm getting this error after upgrading from 5.0 to 5.1:

Aug  8 17:05:44 zentyal kernel: [9526897.938401] audit: type=1400 audit(1533737144.940:415590): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd" name="/var/lib/samba/private/secrets.keytab" pid=13762 comm="ldap_child" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug  8 17:05:44 zentyal kernel: [9526897.938472] audit: type=1400 audit(1533737144.940:415591): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd" name="/var/lib/samba/private/secrets.keytab" pid=13762 comm="ldap_child" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug  8 17:05:44 zentyal [sssd[ldap_child[13762]]]: Failed to initialize credentials using keytab [MEMORY:/var/lib/samba/private/secrets.keytab]: Client 'DNS/zentyal.domain.local@DOMAIN.LOCAL' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection.
Aug  8 17:05:44 zentyal [sssd[ldap_child[13762]]]: Client 'DNS/zentyal.domain.local@DOMAIN.LOCAL' not found in Kerberos database
Aug  8 17:05:44 zentyal [sssd[ldap_child[13763]]]: Failed to initialize credentials using keytab [MEMORY:/var/lib/samba/private/secrets.keytab]: Client 'DNS/zentyal.domain.local@DOMAIN.LOCAL' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection.
Aug  8 17:05:44 zentyal [sssd[ldap_child[13763]]]: Client 'DNS/zentyal.domain.local@DOMAIN.LOCAL' not found in Kerberos database
Aug  8 17:05:44 zentyal kernel: [9526897.984857] audit: type=1400 audit(1533737144.988:415592): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd" name="/var/lib/samba/private/secrets.keytab" pid=13763 comm="ldap_child" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug  8 17:05:44 zentyal kernel: [9526897.984938] audit: type=1400 audit(1533737144.988:415593): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd" name="/var/lib/samba/private/secrets.keytab" pid=13763 comm="ldap_child" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

Why?
How do I fix this keytab?

mrPsycho commented Nov 19, 2018

The problem persists on 6.0:

root@zentyal:/home/user# tail -f /var/log/zentyal/zentyal.log
EBox::Module::Service::restartService('EBox::Samba=HASH(0x5582c9765658)', 'restartModules', 1) called at /usr/share/perl5/EBox/Util/Init.pm line 121
eval {...} at /usr/share/perl5/EBox/Util/Init.pm line 119
EBox::Util::Init::moduleAction('samba', 'restartService', 'restart') called at /usr/share/perl5/EBox/Util/Init.pm line 247
EBox::Util::Init::moduleRestart('samba') called at /usr/bin/zs line 62
main::main at /usr/bin/zs line 82
2018/11/19 15:31:38 INFO> Service.pm:965 EBox::Module::Service::restartService - Restarting service for module: webadmin
2018/11/19 15:31:40 INFO> Service.pm:965 EBox::Module::Service::restartService - Restarting service for module: logs
2018/11/19 15:32:46 INFO> GlobalImpl.pm:616 EBox::GlobalImpl::saveAllModules - Saving config and restarting services: firewall dns dhcp
2018/11/19 15:32:46 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: dns
2018/11/19 15:32:52 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2018/11/19 15:33:02 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command kinit -k -t /var/lib/samba/private/dns.keytab dns-ZENTYAL failed. 
Error output: kinit: krb5_init_creds_set_keytab: Failed to find dns-ZENTYAL@DOMAIN.LOCAL in keytab FILE:/var/lib/samba/private/dns.keytab (unknown enctype)

Command output: . 
Exit value: 1 at root command kinit -k -t /var/lib/samba/private/dns.keytab dns-ZENTYAL failed. 
Error output: kinit: krb5_init_creds_set_keytab: Failed to find dns-ZENTYAL@DOMAIN.LOCAL in keytab FILE:/var/lib/samba/private/dns.keytab (unknown enctype)

Command output: . 
Exit value: 1 at /usr/share/perl5/EBox/Sudo.pm line 240
EBox::Sudo::_rootError('/usr/bin/sudo -p sudo: /var/lib/zentyal/tmp/GaYEmbxjS_.cmd 2> /var/lib/zentyal/tmp/stderr', 'kinit -k -t /var/lib/samba/private/dns.keytab dns-ZENTYAL', 256, 'ARRAY(0x560d795d3480)', 'ARRAY(0x560d74c28f30)') called at /usr/share/perl5/EBox/Sudo.pm line 210
EBox::Sudo::_root(1, 'kinit -k -t /var/lib/samba/private/dns.keytab dns-ZENTYAL') called at /usr/share/perl5/EBox/Sudo.pm line 153
EBox::Sudo::root('kinit -k -t /var/lib/samba/private/dns.keytab dns-ZENTYAL') called at /usr/share/perl5/EBox/DNS.pm line 963
EBox::DNS::_postServiceHook('EBox::DNS=HASH(0x560d77d36b38)', 1) called at /usr/share/perl5/EBox/Module/Service.pm line 948
EBox::Module::Service::_regenConfig('EBox::DNS=HASH(0x560d77d36b38)') called at /usr/share/perl5/EBox/Module/Base.pm line 234
eval {...} at /usr/share/perl5/EBox/Module/Base.pm line 233
EBox::Module::Base::save('EBox::DNS=HASH(0x560d77d36b38)') called at /usr/share/perl5/EBox/GlobalImpl.pm line 648
eval {...} at /usr/share/perl5/EBox/GlobalImpl.pm line 647
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x560d73731d40)', 'progress', 'EBox::ProgressIndicator=HASH(0x560d72d15c38)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x560d76de43d8)', 'progress', 'EBox::ProgressIndicator=HASH(0x560d72d15c38)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30
2018/11/19 15:33:02 ERROR> GlobalImpl.pm:652 EBox::GlobalImpl::saveAllModules - Failed to save changes in module dns: root command kinit -k -t /var/lib/samba/private/dns.keytab dns-ZENTYAL failed. 
Error output: kinit: krb5_init_creds_set_keytab: Failed to find dns-ZENTYAL@DOMAIN.LOCAL in keytab FILE:/var/lib/samba/private/dns.keytab (unknown enctype)

Command output: . 
Exit value: 1
2018/11/19 15:33:02 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: dhcp
2018/11/19 15:33:06 ERROR> GlobalImpl.pm:727 EBox::GlobalImpl::saveAllModules - The following modules failed while saving their changes, their state is unknown: dns  at The following modules failed while saving their changes, their state is unknown: dns  at /usr/share/perl5/EBox/GlobalImpl.pm line 727
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x560d73731d40)', 'progress', 'EBox::ProgressIndicator=HASH(0x560d72d15c38)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x560d76de43d8)', 'progress', 'EBox::ProgressIndicator=HASH(0x560d72d15c38)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30

Can't update any configuration from the GUI, can't add new PCs to AD.
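
Both errors above name a principal that could not be found for a given keytab file, so a useful first check is which principals, key version numbers and encryption types the file actually holds. The following is an added example, not part of the issue or of Zentyal's code: a parser for keytab file format 0x0502 that lists each entry without returning key bytes. It assumes the keytab uses that format; the helper names and the sample bytes are constructed for illustration.

```python
import struct

# Subset of the IANA Kerberos encryption type numbers.
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "arcfour-hmac"}

def _counted(buf, pos):  # 16-bit big-endian length, then that many bytes
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] for a format 0x0502 keytab; keys are not returned."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a format 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        start, pos = pos + 4, pos + 4 + abs(size)    # pos: start of the next record
        if size <= 0:                                # deleted slot or zero padding
            continue
        if pos > len(data):
            raise ValueError("truncated keytab entry")
        (ncomp,) = struct.unpack_from(">H", data, start)
        realm, p = _counted(data, start + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            comps.append(comp.decode())
        _name_type, _timestamp, kvno, etype = struct.unpack_from(">IIBH", data, p)
        _key, p = _counted(data, p + 11)             # step over the key material
        if pos - p >= 4:                             # optional trailing 32-bit kvno
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        name = "/".join(comps) + "@" + realm.decode()
        entries.append((name, kvno, ENCTYPES.get(etype, "unknown(%d)" % etype)))
    return entries

def enctypes_for(entries, principal):  # empty list: principal is not in the keytab
    return [etype for name, _kvno, etype in entries if name == principal]

def build_entry(realm, comps, kvno, etype, key):  # constructed test data only
    s = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", len(comps)) + s(realm) + b"".join(map(s, comps))
            + struct.pack(">IIBH", 1, 0, kvno, etype) + s(key))
    return struct.pack(">i", len(body)) + body

# Constructed sample: dummy all-zero keys, with one deleted 6-byte slot between entries.
_P = (b"DOMAIN.LOCAL", [b"DNS", b"zentyal.domain.local"])
SAMPLE = (b"\x05\x02" + build_entry(*_P, 2, 18, bytes(32)) + struct.pack(">i", -6) + bytes(6)
          + build_entry(*_P, 2, 23, bytes(16)))
```

On a real host, pass the bytes of the keytab file (read as root) to `parse_keytab` and compare the listed principals with the one named in the error message.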

Neustradamus commented Nov 19, 2018
