I have now disjoined this box from the domain and stopped winbind. As I assumed, the msktutil utility still does not work (same error: can't contact LDAP server). The server is accessible on ports 389/636. In a tcpdump, I see that there is encrypted traffic from the squid proxy to the domain controller on port 389 (instead of 636).

Could the problem be a missing library? Has anyone run this tool successfully on SLES11?

2010/6/29 Henrik Nordström <henrik@xxxxxxxxxxxxxxxxxxx>:
> Tue 2010-06-29 at 07:39 +0200, Tom Tux wrote:
>
>> The computer account already exists in the AD (joined with "net ads join").
>
> Adding principals to a Samba-maintained computer account is a little
> tricky. I would recommend creating a new account and attaching the
> principal there.
>
> The main issue is that the key changes each time Samba updates the
> computer account (ADS only has a single key per account, not per SPN).
>
>> proxy-test-01:/usr/local/mskutil-0.4/sbin # ktutil
>> ktutil: rkt /etc/krb5.keytab
>> ktutil: l
>> slot KVNO Principal
>
> You need to tell it which keytab to look into.
>
> Regards
> Henrik