[Samba] kerberos_kinit_password failed: Preauthentication failed
Carlos A. P. Cunha
carlos.hollow at gmail.com
Mon Jan 9 13:53:27 UTC 2017
Okay, my /etc/krb5.conf
[libdefaults]
default_realm =INTERNAL.TESTE.COM.BR dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
-------------------
klist now
klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator at INTERNAL.TESTE.COM.BR
Valid starting Expires Service principal
06/01/2017 09:05:22 06/01/2017 19:05:22
krbtgt/INTERNAL.TESTE.COM.BR at INTERNAL.TESTE.COM.BR renew until
07/01/2017 09:05:21
06/01/2017 09:37:24 06/01/2017 19:05:22
ldap/server.internal.teste,com.br at INTERNAL.TESTE.COM.BR
-------------------
I do not have this file /etc/krb5.keytab(find dont search)
Server was implemented in October / 2016 it got 2 months without
problems and this started last Thursday .... No changes on the DC server.
: - |
Em 09-01-2017 10:56, Rowland Penny via samba escreveu:
> On Mon, 9 Jan 2017 10:17:48 -0200
> "Carlos A. P. Cunha" <carlos.hollow at gmail.com> wrote:
>
>> Rowland
>>
>> I'm guessing I was wrong, but my fear now is that I change this
>> setting, change my UID / GID, and stop sharing accesses.
>> Is this going to happen?
> It really should only affect the Well known SIDs etc, it shouldn't
> affect your users & groups, but it might, this is no reason to not fix
> it.
>
>> But by the very doubt, would that affect my problem, since it seems
>> to be something with kerberos?
> It seems as if your kerberos ticket is expiring, so if winbind isn't
> set up correctly, this could be the cause of it not being renewed. The
> only other difference between your smb.conf and mine, is that I also
> have these two lines:
>
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
>
> Rowland
>
>
>
>
More information about the samba
mailing list