[Samba] samba 3.6.16 and kinit

Eugene M. Zheganin eugene at zhegan.in
Fri Aug 16 01:03:17 MDT 2013


Hi.

On 22.07.2013 16:28, Eugene M. Zheganin wrote:
> When I'm trying to join a machine to a domain via ADS I get
> "kerberos_kinit_password dca@NORMA.COM failed: Looping detected inside
> krb5_get_in_tkt". At the same time plain "kinit dca@NORMA.COM" from a
> console gives me a ticket without errors. Is this a bug (so I should
> report it) or can this still be some misconfiguration on my side? I'm
> doing this on a testparm-approved config file from 3.5.x.
>
> P.S. FreeBSD 10.0-CURRENT.
>
After not having luck with ntlm_auth in samba4, I decided to return and
investigate this problem.
In Wireshark I see that this looping is actually a sequence of
AS-REQ -> KRB5KDC_ERR_PREAUTH_REQUIRED exchanges. After two tries I got
this (looping detected ...) error from kinit.

What is the reason for Samba's kinit not preauthenticating (while FreeBSD's
kinit does, because it works)?
Plus, after each join retry I got a new machine account from this Samba
instance in 'Active Directory Users and Computers' (does this
mean it has actually joined?).

Below is the link to the -d 10 output from net ads join:

http://tech.hq.norma.perm.ru/files/join.log

Thanks.
Eugene.



