[Samba] [Samba4] KDC

Stefan Gohmann gohmann at univention.de
Wed Apr 25 14:01:20 GMT 2007


Hello,

I've installed a samba4 server and now I've tried to get a Kerberos ticket, 
like this:
base:/usr/local/samba# kinit stefan
stefan at SAMBA4.LOCAL's Password:
kinit: converting creds: Invalid argument

I'm using heimdal-clients (0.6.3) and samba4 svn r22508. My krb5.conf test 
configuration:
[libdefaults]
        default_realm = SAMBA4.LOCAL
        kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true

[realms]
SAMBA4.LOCAL = {
        kdc = base.samba4.local
        admin_server = base.samba4.local
}



If I start samba with "-i -d 2" I get this log:
...
Kerberos: AS-REQ stefan at SAMBA4.LOCAL from 10.201.20.1 for 
krbtgt/SAMBA4.LOCAL at SAMBA4.LOCAL
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- stefan at SAMBA4.LOCAL
Kerberos: AS-REQ stefan at SAMBA4.LOCAL from 10.201.20.1 for 
krbtgt/SAMBA4.LOCAL at SAMBA4.LOCAL
Kerberos: Client sent patypes: encrypted-timestamp, encrypted-timestamp, 
encrypted-timestamp, encrypted-timestamp, encrypted-timestamp, 
encrypted-timestamp, encrypted-timestamp, encrypted-timestamp, 
encrypted-timestamp, encrypted-timestamp, encrypted-timestamp, 
encrypted-timestamp
Kerberos: Looking for PKINIT pa-data -- stefan at SAMBA4.LOCAL
Kerberos: Looking for ENC-TS pa-data -- stefan at SAMBA4.LOCAL
Kerberos: No client key matching pa-data (des3-cbc-sha1) -- 
stefan at SAMBA4.LOCAL
Kerberos: No client key matching pa-data (des3-cbc-md5) -- stefan at SAMBA4.LOCAL
Kerberos: ENC-TS Pre-authentication succeeded -- stefan at SAMBA4.LOCAL using 
arcfour-hmac-md5
Kerberos: Client supported enctypes: des3-cbc-sha1, des3-cbc-md5, 
arcfour-hmac-md5, des-cbc-md5, des-cbc-md4, des-cbc-crc
Kerberos: Using arcfour-hmac-md5/arcfour-hmac-md5
Kerberos: Requested flags: renewable, proxiable, forwardable
Kerberos: AS-REQ authtime: 2007-04-25T17:50:05 starttime: unset endtime: 
2007-04-26T03:50:05 renew till: 2007-05-25T17:50:05
Kerberos: TGS-REQ stefan at SAMBA4.LOCAL from 10.201.20.1 for 
krbtgt/SAMBA4.LOCAL at SAMBA4.LOCAL
Kerberos: check_PAC check failed for krbtgt/SAMBA4.LOCAL at SAMBA4.LOCAL 
(stefan at SAMBA4.LOCAL) from 10.201.20.1 with Invalid argument
Kerberos: Failed building TGS-REP to 10.201.20.1
...

Any tips?

Cheers
Stefan

-- 
Stefan Gohmann         Entwicklung              gohmann at univention.de
Univention GmbH        Linux for your Business  fon: +49 421 22 232- 0
Mary-Somerville-Str.1  28359 Bremen             fax: +49 421 22 232-99
                       http://www.univention.de
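
To see where the exchange in the log above stops, this added example (not part of the original post and not Samba or Heimdal code) re-joins the mail-wrapped KDC log lines and reports each stage in order. The sample lines are copied from the post with the archive's " at " written back as "@"; the stage names and function names are labels chosen for this example.

```python
import re
PREFIX = "Kerberos: "
# Lines copied from the post's log, " at " restored to "@" (assumption about the raw log).
SAMPLE = """\
Kerberos: AS-REQ stefan@SAMBA4.LOCAL from 10.201.20.1 for
krbtgt/SAMBA4.LOCAL@SAMBA4.LOCAL
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- stefan@SAMBA4.LOCAL
Kerberos: AS-REQ stefan@SAMBA4.LOCAL from 10.201.20.1 for
krbtgt/SAMBA4.LOCAL@SAMBA4.LOCAL
Kerberos: ENC-TS Pre-authentication succeeded -- stefan@SAMBA4.LOCAL using
arcfour-hmac-md5
Kerberos: TGS-REQ stefan@SAMBA4.LOCAL from 10.201.20.1 for
krbtgt/SAMBA4.LOCAL@SAMBA4.LOCAL
Kerberos: check_PAC check failed for krbtgt/SAMBA4.LOCAL@SAMBA4.LOCAL
(stefan@SAMBA4.LOCAL) from 10.201.20.1 with Invalid argument
Kerberos: Failed building TGS-REP to 10.201.20.1
"""
# Patterns cover only messages visible in that log; stage names are this example's labels.
RULES = [
    ("as_req", re.compile(r"^AS-REQ (?P<client>\S+) from (?P<addr>\S+) for (?P<server>\S+)")),
    ("preauth_required", re.compile(r"returning PREAUTH-REQUIRED -- (?P<client>\S+)")),
    ("preauth_ok", re.compile(r"Pre-authentication succeeded -- (?P<client>\S+) using (?P<enctype>\S+)")),
    ("tgs_req", re.compile(r"^TGS-REQ (?P<client>\S+) from (?P<addr>\S+) for (?P<server>\S+)")),
    ("pac_check_failed", re.compile(r"^check_PAC check failed for (?P<server>\S+) \((?P<client>\S+)\) from (?P<addr>\S+) with (?P<error>.+)$")),
    ("tgs_rep_failed", re.compile(r"^Failed building TGS-REP to (?P<addr>\S+)")),
]

def unwrap(text):
    """Re-join records split by mail wrapping; a record starts with 'Kerberos: '."""
    records = []
    for line in text.splitlines():
        if line.startswith(PREFIX):
            records.append(line[len(PREFIX):].strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()  # continuation of the previous record
    return records

def trace(text):
    """Return the ordered (stage, fields) events recognised in the log."""
    hits = ((s, p.search(r)) for r in unwrap(text) for s, p in RULES)
    return [(s, m.groupdict()) for s, m in hits if m]

def summarize(events):
    """Report the pre-auth enctype and where the TGS exchange stopped."""
    ok = next((f for s, f in events if s == "preauth_ok"), None)
    fail = next((f for s, f in events if s == "pac_check_failed"), None)
    return {"preauth_enctype": ok and ok["enctype"],
            "tgs_failed_at": "check_PAC" if fail else None,
            "error": fail and fail["error"]}
```

On the sample, `summarize(trace(SAMPLE))` shows that the AS exchange completed with arcfour-hmac-md5 pre-authentication and that the failure is confined to the PAC check during the TGS exchange.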

