[Samba] krb5_kt_start_seq_get failed (Permission denied)
L.P.H. van Belle
belle at bazuin.nl
Thu Jul 23 09:35:27 UTC 2020
Try this :
Add in /etc/krb5.conf in [libdefaults]
ignore_k5login = true
Did it help?
If (as in my case) root is not allowed in the user homdirs it can validateon $HOME/.k5login
Above fixed it for me.
I only cant tell based on the config if this applies to you.
Its a simple thing to try.
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Yakov Revyakin via samba
> Verzonden: donderdag 23 juli 2020 11:20
> Aan: Rowland penny
> CC: sambalist
> Onderwerp: Re: [Samba] krb5_kt_start_seq_get failed
> (Permission denied)
> Ubuntu 18.04 LTS
> root is owner
> In case of 644
> d at uc-sm18:~$ sudo ls -la /etc/krb5.keytab
> -rw-r--r-- 1 root root 1122 Jul 17 13:16 /etc/krb5.keytab
> workgroup = SVITLA3
> security = ADS
> realm = SVITLA3.ROOM
> winbind refresh tickets = Yes
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> winbind enum users = yes
> winbind enum groups = yes
> winbind offline logon = yes
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
> log file = /var/log/samba/%m.log
> log level = 1 auth:9 kerberos:9 winbind:9
> debug timestamp = no
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config SVITLA3:backend = ad
> idmap config SVITLA3:schema_mode = rfc2307
> idmap config SVITLA3:range = 20000-29999
> idmap config SVITLA3:unix_nss_info = yes
> template shell = /bin/bash
> template homedir = /home/%U
> On Thu, 23 Jul 2020 at 11:10, Rowland penny via samba
> <samba at lists.samba.org>
> > On 23/07/2020 06:28, Yakov Revyakin via samba wrote:
> > > On a DOMAIN Linux member in log.wb_DOMAIN I can see the
> error message
> > > "krb5_kt_start_seq_get failed (Permission denied)" during
> any attempt of
> > > user authentication.
> > > In result a user is authenticated successfully. But what does this
> > message
> > > mean?
> > >
> > > My krb5.keytab has permissions 600 by default.
> > > If I change its permissions to 644 the error message goes.
> > For some reason, the keytab cannot be read, yet the '600'
> is correct,
> > who owns it ? it should be 'root' (user 0)
> > Can we see your smb.conf and can you also tell us what OS
> you are using ?
> > Rowland
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba