[Samba] Samba AD DC on a trust relationship with IdM - kpasswd not working porperly
Mateo Duffour
mduffour at fnr.gub.uy
Wed Apr 20 19:23:03 UTC 2022
Hi,
The error we are experimenting is the same that happened to us with Samba 4.15.
Any help is appreciated, regards.
Lic. Mateo Duffour
Unidad Informática
2901.40.91
[ http://maps.apple.com/?q=18%20de%20julio%20985%20-%20Piso%204,Montevideo,Uruguay | 18 de julio 985 - Piso 3, Montevideo, Uruguay ]
[ http://www.fnr.gub.uy/ | ]
No me imprimas si no es necesario. Protejamos el medio ambiente. Este mensaje y la información adjunta al mismo está dirigido exclusivamente a su destinatario. Puede contener información confidencial, privilegiada o de uso restringido, protegida por las normas. Si Ud. recibió este e-mail por error, por favor, sírvase notificarle a quien se lo envió y borrar el original. Cualquier otro uso del e-mail por Ud. está prohibido.
----- Original Message -----
From: "Mateo Duffour" <mduffour at fnr.gub.uy>
To: "samba" <samba at lists.samba.org>
Cc: "Rowland Penny" <rpenny at samba.org>, "Juan Andrés Ghigliazza" <aghigliazza at fnr.gub.uy>
Sent: Wednesday, 13 April, 2022 14:35:39
Subject: Re: [Samba] Samba AD DC on a trust relationship with IdM - kpasswd not working porperly
Hi,
We've configured a two way trust of IdM with our Samba 4.16.0, now we are getting the same behavior mentioned on the Samba https://bugzilla.samba.org/show_bug.cgi?id=15021
Many thanks.
Lic. Mateo Duffour
Unidad Informática
2901.40.91
[ http://maps.apple.com/?q=18%20de%20julio%20985%20-%20Piso%204,Montevideo,Uruguay | 18 de julio 985 - Piso 3, Montevideo, Uruguay ]
[ http://www.fnr.gub.uy/ | ]
No me imprimas si no es necesario. Protejamos el medio ambiente. Este mensaje y la información adjunta al mismo está dirigido exclusivamente a su destinatario. Puede contener información confidencial, privilegiada o de uso restringido, protegida por las normas. Si Ud. recibió este e-mail por error, por favor, sírvase notificarle a quien se lo envió y borrar el original. Cualquier otro uso del e-mail por Ud. está prohibido.
----- Original Message -----
From: "Rowland Penny via samba" <samba at lists.samba.org>
To: "samba" <samba at lists.samba.org>
Cc: "Rowland Penny" <rpenny at samba.org>
Sent: Thursday, 7 April, 2022 12:54:27
Subject: Re: [Samba] Samba AD DC on a trust relationship with IdM - kpasswd not working porperly
On Thu, 2022-04-07 at 12:39 -0300, Mateo Duffour via samba wrote:
> Hi,
>
> We've updated our Samba server version to 4.16.0 and we're getting
> this error now (when trying to login with any user):
>
> Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx krb5_child[4846]: Error
> constructing AP-REQ armor: Server
> krbtgt/ADTEST.xxx.xxx.xx at IDMPRU.xxx.xxx.xx not found in Kerberos
> database
> Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx krb5_child[4846]: Error
> constructing AP-REQ armor: Server
> krbtgt/ADTEST.xxx.xxx.xx at IDMPRU.xxx.xxx.xx not found in Kerberos
> database
> Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx sshd[4842]:
> pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0
> tty=ssh ruser= rhost=10.9.9.4 user=usu7 at adtest.xxx.xxx.xx
> Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx sshd[4842]:
> pam_sss(sshd:auth): received for user usu7 at adtest.xxx.xxx.xx: 4
> (System error)
> Apr 07 11:50:48 idmsrvpru.idmpru.xxx.xxx.xx sshd[4840]: error: PAM:
> Authentication failure for usu7 at adtest.xxx.xxx.xx from 10.9.9.4
>
> Any help is appreciated, regards.
None of that appears to be coming from Samba, could it be coming from
sssd ? If so, I suggest you ask on the sssd-users mailing list.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list