[Samba] krb5_kt_start_seq_get failed (Permission denied)

Yakov Revyakin yrevyakin at gmail.com
Thu Jul 23 09:59:30 UTC 2020


The same:

[libdefaults]
        default_realm = SVITLA3.ROOM
        dns_lookup_realm = false
        dns_lookup_kdc = true
        ignore_k5login = true


child daemon request 13
[ 2561]: dual pam auth SVITLA3\test03
../source3/librpc/crypto/gse_krb5.c:417: krb5_kt_start_seq_get failed (Permission denied)
Setting unix username to [SVITLA3\test03]
Plain-text authentication for user SVITLA3\test03 returned NT_STATUS_OK (PAM: 0)
Finished processing child request 13

On Thu, 23 Jul 2020 at 12:36, L.P.H. van Belle via samba <
samba at lists.samba.org> wrote:

> Try this :
>
>     #source: https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/1484262
>
> Add in /etc/krb5.conf in [libdefaults]
>    ignore_k5login = true
>
> Did it help?
>
> If (as in my case) root is not allowed in the user homedirs it can
> validate on $HOME/.k5login
> Above fixed it for me.
>
> I only can't tell based on the config if this applies to you.
> It's a simple thing to try.
>
>
> Greetz,
>
> Louis
>
>
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> > Yakov Revyakin via samba
> > Sent: Thursday 23 July 2020 11:20
> > To: Rowland penny
> > CC: sambalist
> > Subject: Re: [Samba] krb5_kt_start_seq_get failed (Permission denied)
> >
> > Ubuntu 18.04 LTS
> >
> > root is owner
> >
> > In case of 644
> > d at uc-sm18:~$ sudo ls -la /etc/krb5.keytab
> > -rw-r--r-- 1 root root 1122 Jul 17 13:16 /etc/krb5.keytab
> >
> > [global]
> >    workgroup = SVITLA3
> >    security = ADS
> >    realm = SVITLA3.ROOM
> >
> >    winbind refresh tickets = Yes
> >    vfs objects = acl_xattr
> >    map acl inherit = Yes
> >    store dos attributes = Yes
> >
> >    dedicated keytab file = /etc/krb5.keytab
> >    kerberos method = secrets and keytab
> >
> >    winbind enum users = yes
> >    winbind enum groups = yes
> >
> >    winbind offline logon = yes
> >
> >    load printers = no
> >    printing = bsd
> >    printcap name = /dev/null
> >    disable spoolss = yes
> >
> >    log file = /var/log/samba/%m.log
> >    log level = 1 auth:9 kerberos:9 winbind:9
> >    debug timestamp = no
> >
> >    idmap config * : backend = tdb
> >    idmap config * : range = 3000-7999
> >
> >    idmap config SVITLA3:backend = ad
> >    idmap config SVITLA3:schema_mode = rfc2307
> >    idmap config SVITLA3:range = 20000-29999
> >    idmap config SVITLA3:unix_nss_info = yes
> >
> >    template shell = /bin/bash
> >    template homedir = /home/%U
> >
> >
> > On Thu, 23 Jul 2020 at 11:10, Rowland penny via samba
> > <samba at lists.samba.org>
> > wrote:
> >
> > > On 23/07/2020 06:28, Yakov Revyakin via samba wrote:
> > > > On a DOMAIN Linux member in log.wb_DOMAIN I can see the error message
> > > > "krb5_kt_start_seq_get failed (Permission denied)" during any attempt of
> > > > user authentication.
> > > > In result a user is authenticated successfully. But what does this message
> > > > mean?
> > > >
> > > > My krb5.keytab has permissions 600 by default.
> > > > If I change its permissions to 644 the error message goes.
> > >
> > > For some reason, the keytab cannot be read, yet the '600' is correct,
> > > who owns it ? it should be 'root' (user 0)
> > >
> > > Can we see your smb.conf and can you also tell us what OS you are using ?
> > >
> > > Rowland
> > >
> > >
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  https://lists.samba.org/mailman/options/samba
> > >
> >
> >
>
>
>
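
An added example, not part of the original thread or of Samba's own code: a Python check that reads the "dedicated keytab file" setting from smb.conf text and reports whether that keytab has the owner (root) and mode (600) that Rowland's reply calls correct. The function names and the shortened sample config are assumptions made for illustration.

```python
import os
import re
import stat

def keytab_path_from_smb_conf(conf_text, default="/etc/krb5.keytab"):
    """Return the 'dedicated keytab file' value from smb.conf text, else default."""
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith(("#", ";")):          # smb.conf comment lines
            continue
        m = re.match(r"dedicated\s*keytab\s*file\s*=\s*(.+)$", line, re.IGNORECASE)
        if m:
            return m.group(1).strip()
    return default

def audit_keytab(path, expected_uid=0):
    """Return a list of findings; an empty list means owner and mode are as expected."""
    st = os.stat(path)
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_uid != expected_uid:
        findings.append(f"owner uid is {st.st_uid}, expected {expected_uid}")
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):     # any group/other bit, e.g. 0644
        findings.append(f"mode {mode:04o} grants group/other access, expected 0600")
    return findings

# Constructed sample, shortened from the smb.conf posted in the thread.
SAMPLE_SMB_CONF = """
[global]
   security = ADS
   dedicated keytab file = /etc/krb5.keytab
   kerberos method = secrets and keytab
"""

if __name__ == "__main__":
    path = keytab_path_from_smb_conf(SAMPLE_SMB_CONF)
    try:
        for finding in audit_keytab(path) or ["ok"]:
            print(f"{path}: {finding}")
    except OSError as exc:
        print(f"{path}: cannot stat ({exc.strerror})")
```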

