[Samba] Kerberos authentication issue after upgrading from 4-14-stable to 4-15-stable

Matthias Kühne | Ellerhold AG matthias.kuehne at ellerhold.de
Thu Jan 27 13:40:33 UTC 2022


just as a side info: Ive had all kinds of weird problems when I 
accidently had nslcd installed on a domain joined member. After Rowland 
asking me to uninstall it and me doing it everything worked.

See this thread for more information on my situation then: 

Matthias Kühne.

Am 27.01.22 um 13:43 schrieb Rowland Penny via samba:
> On Thu, 2022-01-27 at 15:01 +0300, Alex via samba wrote:
>> Hello Louis,
>> Samba is already handling the system's keytab (/etc/krb5.keytab), but
>> for some reason this error comes up when I try to acquire a TGT with
>> k5start:
>> [root at vm-corp samba]# /usr/bin/k5start -f /etc/krb5.keytab -L -l 1d
>> -k /tmp/krb5cc_test -U -o nslcd -vvv
>> Kerberos initialization for host/vm-corp.abisoft.biz at ABISOFT.BIZ
>> k5start: authenticating as host/vm-corp.abisoft.biz at ABISOFT.BIZ
>> k5start: getting tickets for krbtgt/ABISOFT.BIZ at ABISOFT.BIZ
>> k5start: error getting credentials: Client
>> 'host/vm-corp.abisoft.biz at ABISOFT.BIZ' not found in Kerberos database
>> [root at vm-corp samba]# net ads keytab list /etc/krb5.keytab | grep
>> 'host/vm-corp.abisoft.biz at ABISOFT.BIZ'
>>    2  DES cbc mode with CRC-32
>> host/vm-corp.abisoft.biz at ABISOFT.BIZ
>>    2  DES cbc mode with RSA-MD5
>> host/vm-corp.abisoft.biz at ABISOFT.BIZ
>>    2  AES-128 CTS mode with 96-bit SHA-1 HMAC
>> host/vm-corp.abisoft.biz at ABISOFT.BIZ
>>    2  AES-256 CTS mode with 96-bit SHA-1 HMAC
>> host/vm-corp.abisoft.biz at ABISOFT.BIZ
>>    2  ArcFour with HMAC/md5
>> host/vm-corp.abisoft.biz at ABISOFT.BIZ
>> Any ideas why?
>> The reason to use k5start is b/c some progs can't work with keytab
>> file directly. For example, nslcd.
> Where are you using nslcd ?
> By where, I mean on a Samba DC, or a Unix domain member, or a computer
> that isn't joined to the domain.
> Why are you using nslcd ?
> Rowland
Matthias Kühne
Senior Webentwickler

Ellerhold Aktiengesellschaft
Friedrich-List-Str. 4
01445 Radebeul

Telefon: +49 (0) 351 83933-61
Telefax: +49 (0) 351 83933-99

Web     www.ellerhold.de
Twitter www.twitter.com/Ellerhold_AG
Youtube www.youtube.com/user/ellerholdgruppe

Amtsgericht Dresden / HRB 23769
Vorstand: Stephan Ellerhold, Maximilian Ellerhold
Vorsitzender des Aufsichtsrates: Frank Ellerhold

---Diese E-Mail und Ihre Anlagen enthalten vertrauliche Mitteilungen. Sollten Sie nicht der beabsichtigte Adressat sein, so bitten wir Sie um Mitteilung und um sofortiges löschen dieser E-Mail und der Anlagen.

Unsere Hinweise zum Datenschutz finden Sie hier: http://www.ellerhold.de/datenschutz/

This e-mail and its attachments are privileged and confidential. If you are not the intended recipient, please notify us and immediately delete this e-mail and its attachments.

You can find our privacy policy here: http://www.ellerhold.de/datenschutz/

More information about the samba mailing list