[Samba] Kerberos authentication issue after upgrading from 4-14-stable to 4-15-stable

Andrew Bartlett abartlet at samba.org
Thu Jan 27 07:29:10 UTC 2022

On Thu, 2022-01-27 at 09:54 +0300, Alex via samba wrote:
> Stefan,
> > > The permissions are correct and they didn't change during the
> > > Samba upgrade:
> > > [root at vm-corp etc]# ls -l /usr/local/etc/padl.keytab
> > > -rw------- 1 root root 60 Jan 26 11:06 /usr/local/etc/padl.keytab
> > I just set up a new debian11 with k5start together with OpenLDAP
> > and I
> > also had the permission to "600 root root" and it did not work.
> > With the
> > new version of k5start you must set the owner to the user who
> > should use
> > the keytab so in you setup it should belong to padl and 600 as
> > permission is required, but you already have it set to 600.
> As I said before, no changes were made besides upgrading Samba on the
> domain controllers (and vm-corp is not a DC). So, these permissions
> work w/o issues when the DC is Samba 4.14.
> Anyway, thanks for trying to help!

The big difference with 4.15 is likely to be that we disabled DES
encryption types recently, so if you followed an old guide that said to
force DES that would end badly.

Andrew Bartlett

Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source

More information about the samba mailing list