[Samba] RE: ads_kinit_password failed: Preauthentication failed

Lachlan Pollock lachlan.pollock at unimelb.edu.au
Mon Sep 4 00:54:17 GMT 2006 

Hi,

Thanks for the replies. I hope this reply ends in the right thread.
and I am sorry to Markus for hijacking your previous thread.

I have updated to version 3.0.23c, but the problem remains.

Thanks for the suggestions Aaron,
I am running ntp. The DC's are running something similar. We are
all synchronised off the same time servers.

Gerald (Jerry) Carter wrote...
>My guess is that there are multiple DCs and we are
>dealing with a period of inconsistency between DCs.

There are 7 DC's in the domain. Local DC's synchronise every 5 minutes,
but 4 of the DC's are on slower WAN links and only synchronise overnight.
(I am not sure what the collective noun for these things are)

My 'password server' host is the preferred DC. 

Here is one attempt from net ads testjoin -d 10...

[2006/09/04 10:42:00, 6] libads/ldap.c:ads_find_dc(224)
  ads_find_dc: looking for realm 'UNIMELB.EDU.AU'
[2006/09/04 10:42:00, 8] libsmb/namequery.c:get_sorted_dc_list(1551)
  get_sorted_dc_list: attempting lookup using [ads]
[2006/09/04 10:42:00, 10] lib/gencache.c:gencache_get(312)
  Cache entry with key = SAF/DOMAIN/UNIMELB.EDU.AU couldn't be found
[2006/09/04 10:42:00, 5] libsmb/namequery.c:saf_fetch(105)
  saf_fetch: failed to find server for "UNIMELB.EDU.AU" domain
[2006/09/04 10:42:00, 3] libsmb/namequery.c:get_dc_list(1426)
  get_dc_list: preferred server list: ", dc25.unimelb.edu.au"
[2006/09/04 10:42:00, 10] libsmb/namequery.c:internal_resolve_name(1132)
  internal_resolve_name: looking up dc25.unimelb.edu.au#20
[2006/09/04 10:42:00, 10] lib/gencache.c:gencache_get(287)
  Returning valid cache entry: key = NBT/DC25.UNIMELB.EDU.AU#20, value = 128.250.6.95:0, timeout = Mon Sep  4 10:52:34 2006
[2006/09/04 10:42:00, 5] libsmb/namecache.c:namecache_fetch(201)
  name dc25.unimelb.edu.au#20 found.
[2006/09/04 10:42:00, 10] libsmb/namequery.c:remove_duplicate_addrs2(408)
  remove_duplicate_addrs2: looking for duplicate address/port pairs
[2006/09/04 10:42:00, 4] libsmb/namequery.c:get_dc_list(1529)
  get_dc_list: returning 1 ip addresses in an ordered list
[2006/09/04 10:42:00, 4] libsmb/namequery.c:get_dc_list(1530)
  get_dc_list: 128.250.6.95:389
[2006/09/04 10:42:00, 5] libads/ldap.c:ads_try_connect(127)
  ads_try_connect: sending CLDAP request to 128.250.6.95 (realm: UNIMELB.EDU.AU)[2006/09/04 10:42:00, 10] libsmb/namequery.c:saf_store(71)
  saf_store: domain = [UNIMELB], server = [128.250.6.95], expire = [1157331420]
[2006/09/04 10:42:00, 10] lib/gencache.c:gencache_set(131)
  Adding cache entry with key = SAF/DOMAIN/UNIMELB; value = 128.250.6.95 and timeout = Mon Sep  4 10:57:00 2006
   (900 seconds ahead)
[2006/09/04 10:42:00, 3] libads/ldap.c:ads_connect(287)
  Connected to LDAP server 128.250.6.95
[2006/09/04 10:42:00, 4] libads/ldap.c:ads_current_time(2262)
  time offset is 0 seconds
[2006/09/04 10:42:00, 4] libads/sasl.c:ads_sasl_bind(468)
  Found SASL mechanism GSS-SPNEGO
[2006/09/04 10:42:00, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2006/09/04 10:42:00, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2006/09/04 10:42:00, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2006/09/04 10:42:00, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2006/09/04 10:42:00, 3] libads/sasl.c:ads_sasl_spnego_bind(219)
  ads_sasl_spnego_bind: got server principal name =dc25$@UNIMELB.EDU.AU
[2006/09/04 10:42:00, 3] libsmb/clikrb5.c:ads_krb5_mk_req(552)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2006/09/04 10:42:00, 10] libads/kerberos.c:kerberos_kinit_password_ext(89)
  kerberos_kinit_password: using MEMORY:net_ads as ccache
[2006/09/04 10:42:00, 0] libads/kerberos.c:ads_kinit_password(208)
  kerberos_kinit_password ARTEMISIA$@UNIMELB.EDU.AU failed: Preauthentication failed
[2006/09/04 10:42:00, 0] utils/net_ads.c:ads_startup(281)
  ads_connect: Preauthentication failed
Join to domain is not valid
[2006/09/04 10:42:00, 2] utils/net.c:main(988)
  return code = -1



Cheers


Lachlan
-- 
*************************************************************
Lachlan Pollock         mailto:lachlan.pollock at unimelb.edu.au
Systems Administrator, ArtsIT, Faculty of Arts
University of Melbourne, Victoria 3010, AUSTRALIA
*************************************************************

More information about the samba mailing list