[Samba] kerberos_kinit_password failed: Preauthentication failed

Carlos A. P. Cunha carlos.hollow at gmail.com
Mon Jan 9 13:53:27 UTC 2017


Okay, my /etc/krb5.conf

[libdefaults]
         default_realm =INTERNAL.TESTE.COM.BR dns_lookup_realm = false
         dns_lookup_kdc = true
         ticket_lifetime = 24h
         forwardable = yes

-------------------

klist now

klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator at INTERNAL.TESTE.COM.BR


Valid starting       Expires              Service principal
06/01/2017 09:05:22  06/01/2017 19:05:22  
krbtgt/INTERNAL.TESTE.COM.BR at INTERNAL.TESTE.COM.BR renew until 
07/01/2017 09:05:21
06/01/2017 09:37:24  06/01/2017 19:05:22  
ldap/server.internal.teste,com.br at INTERNAL.TESTE.COM.BR


-------------------

I do not have this file /etc/krb5.keytab(find dont search)


Server was implemented in October / 2016 it got 2 months without 
problems and this started last Thursday .... No changes on the DC server.
: - |



Em 09-01-2017 10:56, Rowland Penny via samba escreveu:
> On Mon, 9 Jan 2017 10:17:48 -0200
> "Carlos A. P. Cunha" <carlos.hollow at gmail.com> wrote:
>
>> Rowland
>>
>> I'm guessing I was wrong, but my fear now is that I change this
>> setting, change my UID / GID, and stop sharing accesses.
>> Is this going to happen?
> It really should only affect the Well known SIDs etc, it shouldn't
> affect your users & groups, but it might, this is no reason to not fix
> it.
>
>> But by the very doubt, would that affect my problem, since it seems
>> to be something with kerberos?
> It seems as if your kerberos ticket is expiring, so if winbind isn't
> set up correctly, this could be the cause of it not being renewed. The
> only other difference between your smb.conf and mine, is that I also
> have these two lines:
>
>      dedicated keytab file = /etc/krb5.keytab
>      kerberos method = secrets and keytab
>
> Rowland
>   
>
>
>



More information about the samba mailing list