[Samba] kerberos got crazy after ubuntu upgrade from 14.04 to 16.04

Rowland Penny rpenny at samba.org
Sun Apr 23 10:21:37 UTC 2017


On Sun, 23 Apr 2017 11:40:45 +0200
Jakub Kulesza <jakkul+samba at gmail.com> wrote:

> OK, I've deleted everything that Rowland suggested. THANKS
> 
> Now smb.conf looks like this
> 
> [netlogon]
>   path = /var/local/samba/var/lib/samba/netlogon
> #path = /var/lib/samba/sysvol/biuro.domain/scripts

Put netlogon back into sysvol, and what happened to the 'sysvol' share?

> read only = No
 guest ok = yes <-- remove this

> 
> The result - the same. logging on a win2008 with user jkadmin gives
> the following:
> 
> Apr 23 11:37:36 pdc krb5kdc[656]: AS_REQ (6 etypes {18 17 23 24 -135
> 3}) 192.168.0.139: CLIENT_NOT_FOUND: jkadmin at biuro.domain.pl for
> krbtgt/ biuro.domain.pl at biuro.domain.pl, Client not found in Kerberos
> database Apr 23 11:37:36 pdc krb5kdc[656]: closing down fd 15
> Apr 23 11:37:36 pdc krb5kdc[656]: DISPATCH: repeated (retransmitted?)
> request from 192.168.0.139, resending previous response
> Apr 23 11:37:36 pdc krb5kdc[656]: closing down fd 15
> Apr 23 11:37:36 pdc krb5kdc[656]: TGS_REQ (5 etypes {18 17 23 24
> -135}) 192.168.0.139: PROCESS_TGS: authtime 0,  <unknown client> for
> krbtgt/ BIURO.domain.PL at BIURO.domain.PL, Bad encryption type
> Apr 23 11:37:36 pdc krb5kdc[656]: closing down fd 15
> Apr 23 11:37:36 pdc krb5kdc[656]: AS_REQ (5 etypes {23 -133 -128 24
> -135}) 192.168.0.139: CLIENT_NOT_FOUND: anadrol$@BIURO.domain.PL for
> krbtgt/ BIURO.domain.PL at BIURO.domain.PL, Client not found in Kerberos
> database Apr 23 11:37:36 pdc krb5kdc[656]: closing down fd 15
> Apr 23 11:37:36 pdc krb5kdc[656]: DISPATCH: repeated (retransmitted?)
> request from 192.168.0.139, resending previous response
> Apr 23 11:37:36 pdc krb5kdc[656]: closing down fd 15
> Apr 23 11:37:36 pdc krb5kdc[656]: TGS_REQ (5 etypes {18 17 23 24
> -135}) 192.168.0.139: PROCESS_TGS: authtime 0,  <unknown client> for
> krbtgt/ BIURO.domain.PL at BIURO.domain.PL, Bad encryption type
> Apr 23 11:37:36 pdc krb5kdc[656]: closing down fd 15
> Apr 23 11:37:36 pdc krb5kdc[656]: AS_REQ (5 etypes {23 -133 -128 24
> -135}) 192.168.0.139: CLIENT_NOT_FOUND: anadrol$@BIURO.domain.PL for
> krbtgt/ BIURO.domain.PL at BIURO.domain.PL, Client not found in Kerberos
> database Apr 23 11:37:36 pdc krb5kdc[656]: closing down fd 15
> Apr 23 11:37:36 pdc krb5kdc[656]: DISPATCH: repeated (retransmitted?)
> request from 192.168.0.139, resending previous response
> Apr 23 11:37:36 pdc krb5kdc[656]: closing down fd 15
> Apr 23 11:37:36 pdc krb5kdc[656]: TGS_REQ (5 etypes {18 17 23 24
> -135}) 192.168.0.139: PROCESS_TGS: authtime 0,  <unknown client> for
> LDAP/ pdc.biuro.domain.pl/biuro.domain.pl at BIURO.domain.PL, Bad
> encryption type Apr 23 11:37:36 pdc krb5kdc[656]: closing down fd 15
> 
> funny thing, with ads testjoin

You do not test a DC like that. Did you actually join the Samba AD DC
with samba-tool?

Rowland


