Mark Foley mfoley at ohprs.org
Sat Jan 19 21:26:21 UTC 2019

On Sun, 20 Jan 2019 08:06:26 +1300 Andrew Bartlett wrote:
> On Sat, 2019-01-19 at 13:37 -0500, Mark Foley via samba wrote:
> > I sure could use some help on this.  Perhaps this problem is due to a
> > recent Windows update?
>> > Furthermore, when I do actually log into this computer as 'mark' and
> > enter the correct PW, it
> > works fine, no Auth errors. 
> > 
> > Could someone point me in the right direction for research? 
> Turn up the Samba log level further so you get the Kerberos: messages
> from the internal Heimdal KDC.  That may help us see what is going
> wrong.
> Andrew Bartlett
> -- 

Andrew, added kerberos:10 to samba Log Level. Got the following:

[2019/01/19 16:12:48.582972,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ mark at HPRS from ipv4: for krbtgt/HPRS at HPRS

[2019/01/19 16:12:48.584099,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client sent patypes: encrypted-timestamp, 128

[2019/01/19 16:12:48.584109,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for PKINIT pa-data -- mark at HPRS

[2019/01/19 16:12:48.584113,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client (mark at HPRS) is locked out

I've not seen the syntax mark at OHPRS before.  Is this legit? Normally, I see HPRS\mark where
HPRS is the domain (hprs.local) and mark is the user. 

Does this provide some clues? Is something messed up with my kerberos settings?


More information about the samba mailing list