[Samba] heidmal to mit adminstrator password expired
Alexis Pellicier
alexis.pellicier at nds.k12.tr
Thu Jun 28 06:17:25 UTC 2018
Hello,
I'm using samba as active directory with heidmal kerberos. I would like to
switch to MIT kerberos as this is the implementation my distrib has chosen.
I've made my kdc.conf according to these instructions:
https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC
But I can't authenticate it seems all my password are expired.
kinit administrator at SAMBA.DOM
Password for administrator at SAMBA.DOM
Password expired. You must change it now.
But I can't change it:
kinit: Password has expired while getting initial credentials
Here is the logs of this action:
Jun 28 09:00:08 krb5kdc[13768](info): AS_REQ (8 etypes {18 17 20 19 16 23
25 26}) 192.168.1.194: CLIENT KEY EXPIRED: administrator at SAMBA.DOM for
krbtgt/SAMBA.DOM at SAMBA.DOM, Password has expired
Jun 28 09:00:08 krb5kdc[13768](info): AS_REQ (8 etypes {18 17 20 19 16 23
25 26}) 192.168.1.194: NEEDED_PREAUTH: administrator at SAMBA.DOM for
kadmin/changepw at SAMBA.DOM, Additional pre-authentication required
Jun 28 09:00:11 krb5kdc[13768](info): AS_REQ (8 etypes {18 17 20 19 16 23
25 26}) 192.168.1.194: ISSUE: authtime 1530165611, etypes {rep=18 tkt=23
ses=23}, administrator at SAMBA.DOM for kadmin/changepw at SAMBA.DOM
Jun 28 09:00:18 krb5kdc[13768](info): AS_REQ (8 etypes {18 17 20 19 16 23
25 26}) 192.168.1.194: CLIENT KEY EXPIRED: administrator at SAMBA.DOM for
krbtgt/SAMBA.DOM at SAMBA.DOM, Password has expired
I 'm not sure but maybe if I could reset the admin password it could help?
Is there any way of doing that?
Any help welcome.
Thank you.
More information about the samba
mailing list