[Samba] /etc/krb5.keytab and Preauthentication required

S.B. Seb.ADIO at gmx.de
Sun Jan 16 12:46:05 GMT 2005


Hello list,

In the release note of Samba 3.0.6 the following parameter is described:
 o Maintaining the service principal entry in the system 
    keytab for integration with other kerberized services.
    Please refer to the 'use kerberos keytab' entry in 
    smb.conf(5).  When using the heimdal kerberos libraries,
    you must also specify the following in /etc/krb5.conf:
    [libdefaults]
       default_keytab_name = FILE:/etc/krb5.keytab

I'm trying to do a kinit with the following command:

  kinit -k -c /etc/.ldapcache -S ldap/dc.example.com \  
  host/<host> && chmod a+r /etc/.ldapcache

I get the error that preauthentication failed. Joining a PC to a domain also works quite 
well. And the services are also working fine. I want to use the Machine-Account, to verfiy 
a GSSAPI-Login against an Openldap-Server with the PADL nss_ldap-Gateway and 
SASL login.

My Samba-Konfiguration:
[global]
	REALM = MY_REALM.NET
	security = ads
	use kerberos keytab = true

I also inserted the following to my heimdal configuration file:
	default_keytab_name = FILE:/etc/krb5.keytab

Can please someone help me, if I'm making a configuration mistake or something else?

I tested everything on a SuSE-Linux Professional 9.2 with Samba 3.0.9.

Greetings


S.B.


More information about the samba mailing list