[Samba] krb5_kt_start_seq_get failed (Permission denied)
Yakov Revyakin
yrevyakin at gmail.com
Thu Jul 23 09:19:59 UTC 2020
Ubuntu 18.04 LTS
root is owner
In case of 644
d at uc-sm18:~$ sudo ls -la /etc/krb5.keytab
-rw-r--r-- 1 root root 1122 Jul 17 13:16 /etc/krb5.keytab
[global]
workgroup = SVITLA3
security = ADS
realm = SVITLA3.ROOM
winbind refresh tickets = Yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind enum users = yes
winbind enum groups = yes
winbind offline logon = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
log file = /var/log/samba/%m.log
log level = 1 auth:9 kerberos:9 winbind:9
debug timestamp = no
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config SVITLA3:backend = ad
idmap config SVITLA3:schema_mode = rfc2307
idmap config SVITLA3:range = 20000-29999
idmap config SVITLA3:unix_nss_info = yes
template shell = /bin/bash
template homedir = /home/%U
On Thu, 23 Jul 2020 at 11:10, Rowland penny via samba <samba at lists.samba.org>
wrote:
> On 23/07/2020 06:28, Yakov Revyakin via samba wrote:
> > On a DOMAIN Linux member in log.wb_DOMAIN I can see the error message
> > "krb5_kt_start_seq_get failed (Permission denied)" during any attempt of
> > user authentication.
> > In result a user is authenticated successfully. But what does this
> message
> > mean?
> >
> > My krb5.keytab has permissions 600 by default.
> > If I change its permissions to 644 the error message goes.
>
> For some reason, the keytab cannot be read, yet the '600' is correct,
> who owns it ? it should be 'root' (user 0)
>
> Can we see your smb.conf and can you also tell us what OS you are using ?
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list