I ran ------------- ./adprincadd.pl -dc DV-STAFF-DC.MSB.PRIV fcsvr/BV-XSERVE1.MSB.PRIV Getting kerberos principal for computer account Kerberos principal is bv-xserve1$@MSB.PRIV Getting computer id...bv-xserve1 Getting AD Domain...msb.priv Base DN is dc=msb,dc=priv getting kerb ticket using bv-xserve1$@MSB.PRIV...Successfully got ticket SASL-bind to DV-STAFF-DC.MSB.PRIV successful Computer record is at CN=bv-xserve1,OU=Servers,DC=msb,DC=priv Checking to see if fcsvr/bv-xserve1.msb.priv exists...yes! Note! Service principal fcsvr/bv-xserve1.msb.priv already exists in CN=bv-xserve1,OU=Servers,DC=msb,DC=priv. Skipping creation in AD. Finding kvno...2 Reading /etc/krb5.keytab...done. Creating new keytab file...done. Writing out temporary keytab...done. Making backup of old keytab and moving new keytab into place...done. Operation Completed. You can verify with "kinit <ad user>; kvno -k /etc/krb5.keytab fcsvr/bv-xserve1.msb.priv" --------
then went to check it with
-------- kinit joeswenson; kvno -k /etc/krb5.keytab fcsvr/bv-xserve1.msb.priv Please enter the password for joeswenson@MSB.PRIV: fcsvr/bv-xserve1.msb.priv@MSB.PRIV: kvno = 2, keytab entry invalid kvno: Permission denied while decrypting ticket for 'fcsvr/bv-xserve1.msb.priv@MSB.PRIV'
I tried enabling DES encryption on my test account and it did nothing to help.