Das habe ich alles schon probiert. Das Script create_spn_account.sh legt mir einen User zwar an, aber es wird keine keytab erstellt. Und am Ende kommt immer der Fehler “Entry already exists” obwohl der Benutzer vom Script gerade angelegt wurde.
root@s-vucs01:/var/lib/samba/private# /usr/share/univention-samba4/scripts/create_spn_account.sh --samaccountname 's-vas01_1_krbsvr400' --serviceprincipalname 'krbsvr400/s-vas01.realm.local' --privatekeytab 'as400.keytab'
params.c:pm_process() - Processing configuration file "/etc/samba/base.conf"
params.c:pm_process() - Processing configuration file "/etc/samba/installs.conf"
params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf.d/homes"
params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf.d/Holz-Vitis"
params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf.d/IT"
params.c:pm_process() - Processing configuration file "/etc/samba/printers.conf"
params.c:pm_process() - Processing configuration file "/etc/samba/local.conf"
User 's-vas01_1_krbsvr400' created successfully
params.c:pm_process() - Processing configuration file "/etc/samba/base.conf"
params.c:pm_process() - Processing configuration file "/etc/samba/installs.conf"
params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf.d/homes"
params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf.d/IT"
params.c:pm_process() - Processing configuration file "/etc/samba/printers.conf"
params.c:pm_process() - Processing configuration file "/etc/samba/local.conf"
Expiry for user 's-vas01_1_krbsvr400' disabled.
params.c:pm_process() - Processing configuration file "/etc/samba/base.conf"
params.c:pm_process() - Processing configuration file "/etc/samba/installs.conf"
params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf.d/homes"
params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf.d/IT"
params.c:pm_process() - Processing configuration file "/etc/samba/printers.conf"
params.c:pm_process() - Processing configuration file "/etc/samba/local.conf"
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Modified 1 records successfully
params.c:pm_process() - Processing configuration file "/etc/samba/base.conf"
params.c:pm_process() - Processing configuration file "/etc/samba/installs.conf"
params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf.d/homes"
params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf.d/Holz-Vitis"
params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf.d/IT"
params.c:pm_process() - Processing configuration file "/etc/samba/printers.conf"
params.c:pm_process() - Processing configuration file "/etc/samba/local.conf"
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
ERR: Entry already exists : "Entry samAccountName=s-vas01_1_krbsvr400,CN=Principals already exists" on DN samAccountName=s-vas01_1_krbsvr400,CN=Principals at block before line 10
Add failed after processing 0 records