expiration of user krbtgt was Re: samba4 Kerberos server and linux
computers
Matthieu Patou
mat at matws.net
Mon Jan 26 15:12:54 GMT 2009
On 01/12/2009 01:40 PM, Matthieu Patou wrote:
> Today i tried to change the password of my windows account from the
> command line using kpasswd on the domain controller.
> And it failed, in the log I had :
>
> Kerberos: AS-REQ mat at smb4.tst from 192.168.0.254 for
> kadmin/changepw at smb4.tst
> [Mon Jan 12 12:50:57 2009 MSK, 2
> auth/kerberos/krb5_init_context.c:74:smb_krb5_debug_wrapper()]
> Kerberos: Server's key has expired at -- 2008-09-07T10:52:53
>
> I extracted the lastSetPWD field and convert it into an human readable
> form I see that the expiration date corresponds to the domain
> controler's one.
>
> What can be done ?
>
> Btw I am running samba 4.0.0alpha6-GIT-37f4c70.
>
> Matthieu.
After some search it appears because of the expiration of user krbtgt,
using ldbedit and changing pwdLastSet to a fairly recent date (ie.
128774432490000000) makes kpasswd back to work.
Can the trick used for the non expiration of domain controller can be
used in this case as well ?
Matthieu.
More information about the samba-technical
mailing list