[Samba] kerberos_kinit_password failed: Preauthentication failed
Rowland Penny
rpenny at samba.org
Mon Jan 9 14:32:37 UTC 2017
On Mon, 9 Jan 2017 11:53:27 -0200
"Carlos A. P. Cunha" <carlos.hollow at gmail.com> wrote:
> Okay, my /etc/krb5.conf
>
> [libdefaults]
> default_realm =INTERNAL.TESTE.COM.BR
> dns_lookup_realm = false
> dns_lookup_kdc = true
You only need the top three lines
> ticket_lifetime = 24h
> forwardable = yes
>
> -------------------
>
> klist now
>
> klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: administrator at INTERNAL.TESTE.COM.BR
>
>
> Valid starting Expires Service principal
> 06/01/2017 09:05:22 06/01/2017 19:05:22
> krbtgt/INTERNAL.TESTE.COM.BR at INTERNAL.TESTE.COM.BR renew until
> 07/01/2017 09:05:21
> 06/01/2017 09:37:24 06/01/2017 19:05:22
> ldap/server.internal.teste,com.br at INTERNAL.TESTE.COM.BR
>
That is the root/Administrator cache, the machine cache is in memory.
>
> -------------------
>
> I do not have this file /etc/krb5.keytab(find dont search)
That is because you do not have the two lines in smb.conf, if you did
have them when you joined the domain member to the domain. it would be
created. Try 'net leave -Uadministrator', then 'net join
-Uadministrator', this should create it (after you have added the lines
to smb.conf). You will also have to stop the Samba binaries 'nmbd',
smbd' and 'winbindd'
Rowland
More information about the samba
mailing list