[Samba] heidmal to mit adminstrator password expired

Alexis Pellicier alexis.pellicier at nds.k12.tr
Thu Jun 28 06:17:25 UTC 2018


Hello,

I'm using samba as active directory with heidmal kerberos. I would like to
switch to MIT kerberos as this is the implementation my distrib has chosen.

I've made my kdc.conf according to these instructions:
https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC

But I can't authenticate it seems all my password are expired.

kinit administrator at SAMBA.DOM
Password for administrator at SAMBA.DOM
Password expired.  You must change it now.

But I can't change it:
kinit: Password has expired while getting initial credentials

Here is the logs of this action:

Jun 28 09:00:08  krb5kdc[13768](info): AS_REQ (8 etypes {18 17 20 19 16 23
25 26}) 192.168.1.194: CLIENT KEY EXPIRED: administrator at SAMBA.DOM for
krbtgt/SAMBA.DOM at SAMBA.DOM, Password has expired

Jun 28 09:00:08  krb5kdc[13768](info): AS_REQ (8 etypes {18 17 20 19 16 23
25 26}) 192.168.1.194: NEEDED_PREAUTH: administrator at SAMBA.DOM for
kadmin/changepw at SAMBA.DOM, Additional pre-authentication required

Jun 28 09:00:11  krb5kdc[13768](info): AS_REQ (8 etypes {18 17 20 19 16 23
25 26}) 192.168.1.194: ISSUE: authtime 1530165611, etypes {rep=18 tkt=23
ses=23}, administrator at SAMBA.DOM for kadmin/changepw at SAMBA.DOM

Jun 28 09:00:18  krb5kdc[13768](info): AS_REQ (8 etypes {18 17 20 19 16 23
25 26}) 192.168.1.194: CLIENT KEY EXPIRED: administrator at SAMBA.DOM for
krbtgt/SAMBA.DOM at SAMBA.DOM, Password has expired

I 'm not sure but maybe if I could reset the admin password it could help?
Is there any way of doing that?

Any help welcome.

Thank you.


More information about the samba mailing list