[Samba] winbindd_raw_kerberos_login: kinit failed

Anders.Strandberg at tietoenator.com Anders.Strandberg at tietoenator.com
Tue Dec 19 16:47:42 GMT 2006


As a follow-up:

The problem exists with the setup below :  

OS: Linux (e.g. NLD9/SLED10) 
Samba: samba-3.0.23d compiled with heimdal-0.7.1
Pam_krb5 is installed.
Pam-modules-line: auth    sufficient      pam_winbind.so use_first_pass
krb5_auth krb5_ccache_type=FILE cached_login
AD-server: Win 2003 with R2 

The indicating error message : 

winbindd_raw_kerberos_login: kinit failed for 'myuser at MYDOMAIN.COM'
with: Invalid argument (22)

I believe that this should work , i.e. kereberos cached login with
winbind towards AD 2003 ?
As far as I can see, kinit and klist works from command line, but not
from winbind. From the winbind log it seems that winbind/kinit looks for
the correct cache-file :

kerberos_kinit_password: using FILE:/tmp/krb5cc_55555 as ccache

This file does not exist, but is not created either, and subsequently
not possible to remove.

Is there anybody who could shed light on this this ?


-----Original Message-----
From: samba-bounces+anders.strandberg=tietoenator.com at lists.samba.org
[mailto:samba-bounces+anders.strandberg=tietoenator.com at lists.samba.org]
On Behalf Of Anders.Strandberg at tietoenator.com
Sent: den 14 december 2006 18:39
To: samba at lists.samba.org
Subject: [Samba] winbindd_raw_kerberos_login: kinit failed 

I have set up  Samba 3.0.23d on Linux Suse NLD9  with AD idmap backend
with security = ads and rfc2307.
At every login there is a log message in log.wb-MYDOMAIN :
[2006/12/14 17:46:51, 1]
  winbindd_raw_kerberos_login: kinit failed for 'myuser at MYDOMAIN.COM'
with: Invalid argument (22)
with debug level 10:
winbindd_dual_pam_auth: domain: MYDOMAIN last was online
is_myname("MYDOMAIN") returns 0
using ccache: FILE:/tmp/krb5cc_55555
winbindd_raw_kerberos_login: uid is 55555
kerberos_kinit_password: using FILE:/tmp/krb5cc_55555 as ccache
winbindd_raw_kerberos_login: kinit failed for 'myuser at MYDOMAIN.COM'
with: Invalid argument (22)
winbindd_raw_kerberos_login: could not remove ccache
winbindd_dual_pam_auth_kerberos failed: NT_STATUS_UNSUCCESSFUL

Obviously winbindd_raw_kerberos login fails. 
I suppose it is some call in kerberos_kinit_password_ext that returns
with error , but I have not found which one . 
The question is what argument is invalid, tcpdump gives some info on
Unknown encryption types 0x11 and 0x12, and failed preauthentication.
Login succeeds eventually, but this is samlogon.
Does anyone have a hint about this or how to troubleshoot it further.
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list