[Samba] kerberos got crazy after ubuntu upgrade from 14.04 to 16.04
Jakub Kulesza
jakkul+samba at gmail.com
Sun Apr 23 11:41:08 UTC 2017
Andrew, be sure to ring me up when you're in Warsaw/PL. I owe you a few
beers :)
I've stopped both and IT WORKS.
2017-04-23 13:21 GMT+02:00 Jakub Kulesza <jakkul+samba at gmail.com>:
> Andrew, thanks for answering. My ubuntu shows this:
>
> # systemctl | grep kr
> krb5-admin-server.service loaded active running
> Kerberos 5 Admin Server
> krb5-kdc.service loaded active running
> Kerberos 5 Key Distribution Center
>
> Should I disable both?
>
> 2017-04-23 12:39 GMT+02:00 Andrew Bartlett <abartlet at samba.org>:
>
>> On Sun, 2017-04-23 at 09:39 +0200, Jakub Kulesza via samba wrote:
>> > this is what kerberos throws in auth.log when I try to log in with a
>> > win2008 client:
>> >
>> > Apr 23 09:17:38 pdc kadmind[610]: closing down fd 31
>> > Apr 23 09:17:55 pdc krb5kdc[643]: AS_REQ (6 etypes {18 17 23 24 -135
>> > 3})
>> > 192.168.0.139: CLIENT_NOT_FOUND: qubix at GPMV for krbtgt/GPMV at GPMV,
>> > Client
>> > not found in Kerberos database
>> > Apr 23 09:17:55 pdc krb5kdc[643]: closing down fd 15
>> > Apr 23 09:17:56 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24
>> > -135})
>> > 192.168.0.139: PROCESS_TGS: authtime 0, <unknown client> for
>> > krbtgt/BIURO.domain at BIURO.domain, Bad encryption type
>> > Apr 23 09:17:56 pdc krb5kdc[643]: closing down fd 15
>> > Apr 23 09:17:56 pdc krb5kdc[643]: AS_REQ (5 etypes {23 -133 -128 24
>> > -135})
>> > 192.168.0.139: CLIENT_NOT_FOUND: anadrol$@BIURO.domain for
>> > krbtgt/BIURO.domain at BIURO.domain, Client not found in Kerberos
>> > database
>> > Apr 23 09:17:56 pdc krb5kdc[643]: closing down fd 15
>> > Apr 23 09:17:57 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24
>> > -135})
>> > 192.168.0.139: PROCESS_TGS: authtime 0, <unknown client> for
>> > krbtgt/BIURO.domain at BIURO.domain, Bad encryption type
>> > Apr 23 09:17:57 pdc krb5kdc[643]: closing down fd 15
>> > Apr 23 09:17:57 pdc krb5kdc[643]: AS_REQ (5 etypes {23 -133 -128 24
>> > -135})
>> > 192.168.0.139: CLIENT_NOT_FOUND: anadrol$@BIURO.domain for
>> > krbtgt/BIURO.domain at BIURO.domain Client not found in Kerberos
>> > database
>> > Apr 23 09:17:57 pdc krb5kdc[643]: closing down fd 15
>> > Apr 23 09:17:57 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24
>> > -135})
>> > 192.168.0.139: PROCESS_TGS: authtime 0, <unknown client> for
>> > LDAP/pdc.biuro.domain/biuro.domain at BIURO.domain, Bad encryption type
>> > Apr 23 09:17:57 pdc krb5kdc[643]: closing down fd 15
>>
>> Somehow you have started MIT krb5 and not Samba on your server. It is
>> handling port 88 (kerberos) and is very confused.
>>
>> Stop the MIT KDC process, and restart samba.
>>
>> Andrew Bartlett
>>
>> --
>> Andrew Bartlett http://samba.org/~abartlet/
>> Authentication Developer, Samba Team http://samba.org
>> Samba Developer, Catalyst IT http://catalyst.net.nz/service
>> s/samba
>>
>>
>
More information about the samba
mailing list