[Samba] ssh kerberos auth not working after some weeks

David Feurle david.feurle at sodgeit.de
Thu Jun 19 03:07:13 MDT 2014


We have several linux computers (with different distributions) in a 
samba4 domain. All computers are domain members and the domain users can 
login to the different machines via pam and winbind3/4.
A user that is authenticated on one machine automatically receives a 
kerberos ticket and can login via ssh to another machine using this 
kerberos ticket.

This setup works fine for some weeks until the ssh server logs this error

debug1: userauth-request for user feurleda service ssh-connection method 
gssapi-with-mic [preauth]
debug1: attempt 1 failures 0 [preauth]
Postponed gssapi-with-mic for feurleda from 10.0.1.73 port 33142 ssh2 
[preauth]
debug1: Unspecified GSS failure.  Minor code may provide more information
Wrong principal in request

to make the ssh login via kerberos work again I need to issue the 
following command

net ads keytab create -U Administrator

after issuing this it works again for some days/weeks.
How can I fix this problem what is it that I am missing?

Best regards,

David Feurle

-- 
sodge IT GmbH
Adlerstraße 5
72336 Balingen

Mail: david.feurle at sodgeit.de
Mobil:   +49-176-64616031

URL: http://www.sodgeit.de
Telefon: +49-7433-95 59 28 4
Telefon: +49-7433-27 52 36
Fax:     +49-7433-51 32
---
Sitz der Gesellschaft: Balingen
Registergericht: Amtsgericht Stuttgart HRB 740109
Geschäftsführer: Matthias Ehinger / David Feurle / Götz Martinek




More information about the samba mailing list