11701 – samba-tool exportkeytab does not create keytab if destination file. No error sent.

Bug 11701 - samba-tool exportkeytab does not create keytab if destination file. No error sent.

Summary: samba-tool exportkeytab does not create keytab if destination file. No error ...

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Tools (show other bugs)
Version:	4.3.3
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Andrew Bartlett
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-01-28 14:37 UTC by mathias.dufresne
Modified:	2021-04-23 08:02 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description mathias.dufresne 2016-01-28 14:37:47 UTC

samba-tool exportkeytab does not create keytab if destination file exists and no error message is sent.

------------------------------------------------------------------------------
dc107:~# date +%Y%m%d-%H%M%S
20160128-152746
dc107:~# samba-tool domain exportkeytab /opt/initial_setup/administrator.keytab --principal=administrator
dc107:~# ll /opt/initial_setup/administrator.keytab
-rw------- 1 root root 427 27 janv. 12:11 /opt/initial_setup/administrator.keytab

** Destination file is still dated from previous day.

dc107:~# kinit  -V -k -t /opt/initial_setup/administrator.keytab administrator
Using default cache: /tmp/krb5cc_0
Using principal: administrator@AD.DGFIP.FINANCES.GOUV.FR
Using keytab: /opt/initial_setup/administrator.keytab
kinit: Preauthentication failed while getting initial credentials

** kinit is not working: keytab was not generated.

dc107:~# rm /opt/initial_setup/administrator.keytab
dc107:~# samba-tool domain exportkeytab /opt/initial_setup/administrator.keytab --principal=administrator
dc107:~# ll /opt/initial_setup/administrator.keytab
-rw------- 1 root root 427 28 janv. 15:28 /opt/initial_setup/administrator.keytab

** Here the keytab has been created as file was removed before launching the command

dc107:~# kinit  -V -k -t /opt/initial_setup/administrator.keytab administrator
Using default cache: /tmp/krb5cc_0
Using principal: administrator@AD.DGFIP.FINANCES.GOUV.FR
Using keytab: /opt/initial_setup/administrator.keytab
Authenticated to Kerberos v5

** and of course now kinit works.

dc107:~# samba --version
Version 4.3.3-compiled_for_Centos7
------------------------------------------------------------------------------

Comment 1 Rowland Penny 2021-04-23 08:02:01 UTC

It works for me on 4.14.2:

# export keytab
pi@rpidc1:~ $ sudo samba-tool domain exportkeytab /opt/initial_setup/administrator.keytab --principal=administrator
Export one principal to /opt/initial_setup/administrator.keytab
pi@rpidc1:~ $ ls -l /opt/initial_setup/administrator.keytab
-rw------- 1 root root 252 Apr 22 13:37 /opt/initial_setup/administrator.keytab

# kinit as Administrator
pi@rpidc1:~ $ sudo kinit  -V -k -t /opt/initial_setup/administrator.keytab administrator
Using default cache: /tmp/krb5cc_0
Using principal: administrator@SAMDOM.EXAMPLE.COM
Using keytab: /opt/initial_setup/administrator.keytab
Authenticated to Kerberos v5
# Success

# following day, export keytab again without deleting /opt/initial_setup/administrator.keytab
pi@rpidc1:~ $ sudo samba-tool domain exportkeytab /opt/initial_setup/administrator.keytab --principal=administrator
Export one principal to /opt/initial_setup/administrator.keytab
pi@rpidc1:~ $ ls -l /opt/initial_setup/administrator.keytab
-rw------- 1 root root 252 Apr 23 08:53 /opt/initial_setup/administrator.keytab

# Kinit as Administrator
pi@rpidc1:~ $ sudo kinit  -V -k -t /opt/initial_setup/administrator.keytab administrator
Using default cache: /tmp/krb5cc_0
Using principal: administrator@SAMDOM.EXAMPLE.COM
Using keytab: /opt/initial_setup/administrator.keytab
Authenticated to Kerberos v5
# Success again