[Samba] kerberos got crazy after ubuntu upgrade from 14.04 to 16.04

Andrew Bartlett abartlet at samba.org
Sun Apr 23 10:39:20 UTC 2017 

On Sun, 2017-04-23 at 09:39 +0200, Jakub Kulesza via samba wrote:
> this is what kerberos throws in auth.log when I try to log in with a
> win2008 client:
> 
> Apr 23 09:17:38 pdc kadmind[610]: closing down fd 31
> Apr 23 09:17:55 pdc krb5kdc[643]: AS_REQ (6 etypes {18 17 23 24 -135
> 3})
> 192.168.0.139: CLIENT_NOT_FOUND: qubix at GPMV for krbtgt/GPMV at GPMV,
> Client
> not found in Kerberos database
> Apr 23 09:17:55 pdc krb5kdc[643]: closing down fd 15
> Apr 23 09:17:56 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24
> -135})
> 192.168.0.139: PROCESS_TGS: authtime 0,  <unknown client> for
> krbtgt/BIURO.domain at BIURO.domain, Bad encryption type
> Apr 23 09:17:56 pdc krb5kdc[643]: closing down fd 15
> Apr 23 09:17:56 pdc krb5kdc[643]: AS_REQ (5 etypes {23 -133 -128 24
> -135})
> 192.168.0.139: CLIENT_NOT_FOUND: anadrol$@BIURO.domain for
> krbtgt/BIURO.domain at BIURO.domain, Client not found in Kerberos
> database
> Apr 23 09:17:56 pdc krb5kdc[643]: closing down fd 15
> Apr 23 09:17:57 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24
> -135})
> 192.168.0.139: PROCESS_TGS: authtime 0,  <unknown client> for
> krbtgt/BIURO.domain at BIURO.domain, Bad encryption type
> Apr 23 09:17:57 pdc krb5kdc[643]: closing down fd 15
> Apr 23 09:17:57 pdc krb5kdc[643]: AS_REQ (5 etypes {23 -133 -128 24
> -135})
> 192.168.0.139: CLIENT_NOT_FOUND: anadrol$@BIURO.domain for
> krbtgt/BIURO.domain at BIURO.domain Client not found in Kerberos
> database
> Apr 23 09:17:57 pdc krb5kdc[643]: closing down fd 15
> Apr 23 09:17:57 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24
> -135})
> 192.168.0.139: PROCESS_TGS: authtime 0,  <unknown client> for
> LDAP/pdc.biuro.domain/biuro.domain at BIURO.domain, Bad encryption type
> Apr 23 09:17:57 pdc krb5kdc[643]: closing down fd 15

Somehow you have started MIT krb5 and not Samba on your server.  It is
handling port 88 (kerberos) and is very confused.

Stop the MIT KDC process, and restart samba.

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list