[Samba] Strange Kerberos issue

Lars Hanke debian at lhanke.de
Wed Sep 10 15:32:49 MDT 2014

I run two Kerberos services in my network. The current production system 
on domain @OLD using plain MIT and the upcoming samba4 server on domain 
@AD.MICROSULT.DE. With both domains in the krb5.conf I can get tickets 
from either domain.

However, I just try to setup a notebook as a reference system for the 
workstation migration. Getting a ticket from samba4 fails:

kinit Administrator at AD.MICROSULT.DE
kinit: Generic preauthentication failure while getting initial credentials

The same command using the same password on another workstation works 
fine. Also issuing kinit user at OLD on the notebook succeeds. Using a 
username, which does not exist in the AD fails with a different error 
message, i.e. it seems to actually speak to the AD.

Any idea what to check? /etc/krb5.conf looks the same on both systems.

Kind regards,
  - lars.

More information about the samba mailing list