[Samba] kerberos got crazy after ubuntu upgrade from 14.04 to 16.04
Andrew Bartlett
abartlet at samba.org
Sun Apr 23 10:39:20 UTC 2017
On Sun, 2017-04-23 at 09:39 +0200, Jakub Kulesza via samba wrote:
> this is what kerberos throws in auth.log when I try to log in with a
> win2008 client:
>
> Apr 23 09:17:38 pdc kadmind[610]: closing down fd 31
> Apr 23 09:17:55 pdc krb5kdc[643]: AS_REQ (6 etypes {18 17 23 24 -135
> 3})
> 192.168.0.139: CLIENT_NOT_FOUND: qubix at GPMV for krbtgt/GPMV at GPMV,
> Client
> not found in Kerberos database
> Apr 23 09:17:55 pdc krb5kdc[643]: closing down fd 15
> Apr 23 09:17:56 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24
> -135})
> 192.168.0.139: PROCESS_TGS: authtime 0, <unknown client> for
> krbtgt/BIURO.domain at BIURO.domain, Bad encryption type
> Apr 23 09:17:56 pdc krb5kdc[643]: closing down fd 15
> Apr 23 09:17:56 pdc krb5kdc[643]: AS_REQ (5 etypes {23 -133 -128 24
> -135})
> 192.168.0.139: CLIENT_NOT_FOUND: anadrol$@BIURO.domain for
> krbtgt/BIURO.domain at BIURO.domain, Client not found in Kerberos
> database
> Apr 23 09:17:56 pdc krb5kdc[643]: closing down fd 15
> Apr 23 09:17:57 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24
> -135})
> 192.168.0.139: PROCESS_TGS: authtime 0, <unknown client> for
> krbtgt/BIURO.domain at BIURO.domain, Bad encryption type
> Apr 23 09:17:57 pdc krb5kdc[643]: closing down fd 15
> Apr 23 09:17:57 pdc krb5kdc[643]: AS_REQ (5 etypes {23 -133 -128 24
> -135})
> 192.168.0.139: CLIENT_NOT_FOUND: anadrol$@BIURO.domain for
> krbtgt/BIURO.domain at BIURO.domain Client not found in Kerberos
> database
> Apr 23 09:17:57 pdc krb5kdc[643]: closing down fd 15
> Apr 23 09:17:57 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24
> -135})
> 192.168.0.139: PROCESS_TGS: authtime 0, <unknown client> for
> LDAP/pdc.biuro.domain/biuro.domain at BIURO.domain, Bad encryption type
> Apr 23 09:17:57 pdc krb5kdc[643]: closing down fd 15
Somehow you have started MIT krb5 and not Samba on your server. It is
handling port 88 (kerberos) and is very confused.
Stop the MIT KDC process, and restart samba.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list