No subject
Fri Aug 20 08:29:19 MDT 2010
Kerberos: AS-REQ imap at NYCCNET.COM from ipv4:192.168.1.1:35768 for krbtgt/N=
YCCNET.COM at NYCCNET.COM
Kerberos: Client sent patypes: 149
Kerberos: Looking for PKINIT pa-data -- imap at NYCCNET.COM
Kerberos: Looking for ENC-TS pa-data -- imap at NYCCNET.COM
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- imap at NYCCNET.COM
Kerberos: AS-REQ imap at NYCCNET.COM from ipv4:192.168.1.1:42155 for krbtgt/N=
YCCNET.COM at NYCCNET.COM
Kerberos: Client sent patypes: encrypted-timestamp, 149
Kerberos: Looking for PKINIT pa-data -- imap at NYCCNET.COM
Kerberos: Looking for ENC-TS pa-data -- imap at NYCCNET.COM
Kerberos: ENC-TS Pre-authentication succeeded -- imap at NYCCNET.COM using ar=
cfour-hmac-md5
Kerberos: AS-REQ authtime: 2010-09-04T19:11:42 starttime: unset endtime:=
2010-09-05T19:11:38 renew till: unset
Kerberos: Client supported enctypes: arcfour-hmac-md5, des3-cbc-sha1, usin=
g arcfour-hmac-md5/arcfour-hmac-md5
Kerberos: Requested flags: renewable-ok, forwardable
Huh? The user is setup as follows:
# imap, Users, nyccnet.com
dn: CN=3Dimap,CN=3DUsers,DC=3Dnyccnet,DC=3Dcom
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: imap
instanceType: 4
whenCreated: 20100904194941.0Z
uSNCreated: 3733
name: imap
objectGUID:: OeoAkyqI4EqVZLGCH++EBw=3D=3D
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAB5qH5U1ju95FMhowZgQAAA=3D=3D
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: imap
sAMAccountType: 805306368
objectCategory: CN=3DPerson,CN=3DSchema,CN=3DConfiguration,DC=3Dnyccnet,DC=
=3Dcom
pwdLastSet: 129281033810000000
userAccountControl: 512
servicePrincipalName: imap/laxmi.nyccnet.com at NYCCNET.COM
whenChanged: 20100904195025.0Z
uSNChanged: 3737
distinguishedName: CN=3Dimap,CN=3DUsers,DC=3Dnyccnet,DC=3Dcom
Then retry your kinit.=20
=20
In case I forget to tell you: I retried this week ktpass.sh and it just wo=
rks on my setup, I was able to generate keytabs for the http kerberos auth=
entification so if you have a pb it's either because you didn't type the=
password correctly or because the problem is somewhere else.=20
=20
Matthieu.=20
=20
I am beginning to think that this is an Ubuntu problem. May I know what OS=
are you using? Mine is Ubuntu Lucid 10.04 and kerberos version is 1.8.1+d=
fsg-2ubuntu0.2. I have a feeling that kerberos in Uubntu Lucid is too ble=
eding edge, or else it is broken.
Thanks!
More information about the samba-technical
mailing list