When running the /usr/sbin/adkeytab command, the following error occurs. What does this mean?
# sudo ./adkeytab -A -w password krusty -l --keytab krusty.keytab --samname krusty
Error: The account name does not match the SAM account name. You must supply both on the command line.
Failed: Adopt Account: krusty
Note: In the above, -A means Adopt, krusty is the username, -l means local, and -w supplies the password, which has to be typed in the clear (this is a known issue). See the adkeytab man page for all the flags.
This can happen if the CN (Common Name) does not match the SAM account name. In this case, the CN was "Krusty T. Clown" and not krusty (the SAM account name). When the sAMAccountName differs from the common name of the account, you must also supply the sAMAccountName. The mismatch can be verified by running adquery user -A "username" or by running ldapsearch.
You can modify the adkeytab command as follows:
# /usr/sbin/adkeytab -A -l --keytab krusty.keytab -w password -S krusty "Krusty T. Clown"
This ensures that the adkeytab command runs successfully.
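To confirm the mismatch from ldapsearch output, the following added example (not part of the original article or the vendor's tooling) compares cn with sAMAccountName in LDIF text and prints the name arguments adkeytab needs. The directory host, base DN and sample record are constructed placeholders, and the function names ldif_attr and check_names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article. Input is LDIF such as:
#   ldapsearch -LLL -o ldif-wrap=no -Y GSSAPI -H ldap://dc.example.com \
#     -b "dc=example,dc=com" "(sAMAccountName=krusty)" cn sAMAccountName
# dc.example.com and the base DN are placeholders.

# ldif_attr ATTR: print the first value of ATTR from LDIF on stdin.
# Handles plain "attr: value" and base64 "attr:: dmFsdWU=" (non-ASCII names).
ldif_attr() {
    line=$(grep -i "^$1:" | head -n 1)
    [ -n "$line" ] || return 1
    rest=${line#*:}
    case $rest in
        :*) rest=${rest#:}; printf '%s' "${rest# }" | base64 -d; echo ;;
        *)  printf '%s\n' "${rest# }" ;;
    esac
}

# check_names FILE: return 0 if cn equals sAMAccountName, 1 if they differ
# (both names must then be given to adkeytab), 2 if an attribute is missing.
# Exact string comparison is an assumption; the article does not say how
# adkeytab compares the two names.
check_names() {
    cn=$(ldif_attr cn < "$1") || { echo "no cn in $1" >&2; return 2; }
    sam=$(ldif_attr sAMAccountName < "$1") ||
        { echo "no sAMAccountName in $1" >&2; return 2; }
    if [ "$cn" = "$sam" ]; then
        echo "match: $sam"
    else
        echo "mismatch: pass -S $sam \"$cn\""
        return 1
    fi
}

# Constructed sample record mirroring the account in the article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dn: CN=Krusty T. Clown,CN=Users,DC=example,DC=com
cn: Krusty T. Clown
sAMAccountName: krusty
EOF
check_names "$sample" || true   # prints: mismatch: pass -S krusty "Krusty T. Clown"
rm -f "$sample"
```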