[Samba] Kerberos kinit not running

L. van Belle belle at samba.org
Wed Jul 20 07:56:24 UTC 2022 

3 points.. 

Did you set a PTR record for the servers? if not do so.

In krb5.conf 
Restore the debian default, its suffient. 
This is all you need for a normal AD-AD/Kerberos domain basicly.

[libdefaults]
        default_realm = CALORO.M
        dns_lookup_kdc = yes
        dns_lookup_realm = no
        ticket_lifetime = 24h

And show /etc/resolv.conf 
is the primary DNSDomain the first resolving domain? 

Run these. 
apt remove --autoremove --purge krb5-kdc  
apt satisfy winbind samba

that should do it. 

Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba <samba-bounces at lists.samba.org> Namens Maurizio Caloro via
> samba
> Verzonden: dinsdag 19 juli 2022 22:56
> Aan: Rowland Penny via samba <samba at lists.samba.org>
> Onderwerp: Re: [Samba] Kerberos kinit not running
> 
> 
> Am 19.07.2022 um 22:32 schrieb Rowland Penny via samba:
> > On Tue, 2022-07-19 at 22:09 +0200, Maurizio Caloro via samba wrote:
> >> ● krb5-kdc.service - Kerberos 5 Key Distribution Center
> >>        Loaded: loaded (/lib/systemd/system/krb5-kdc.service; enabled;
> >> vendor preset: enabled)
> > Turn this off and remove it, you are running two kdc's, the Heimdal one
> > built into Samba and the MIT kdc.
> >
> > Rowland
> 
> thanks for quick help, krb5-kdc are gone
>    -->rc  krb5-kdc    1.18.3-6+deb11u1    amd64    MIT Kerberos key
> server (KDC)
> 
> or i need to delete all this?
> 
> # dpkg -l | grep krb5*
> ii  krb5-config    2.6+nmu1    all    Configuration files for Kerberos
> Version 5
> rc  krb5-kdc    1.18.3-6+deb11u1    amd64    MIT Kerberos key server (KDC)
> ii  krb5-locales    1.18.3-6+deb11u1    all internationalization support
> for MIT Kerberos
> ii  krb5-multidev:amd64    1.18.3-6+deb11u1    amd64 development files
> for MIT Kerberos without Heimdal conflict
> ii  krb5-user    1.18.3-6+deb11u1    amd64    basic programs to
> authenticate using MIT Kerberos
> ii  libgssapi-krb5-2:amd64    1.18.3-6+deb11u1    amd64    MIT Kerberos
> runtime libraries - krb5 GSS-API Mechanism
> ii  libkrb5-26-heimdal:amd64    7.7.0+dfsg-2    amd64    Heimdal
> Kerberos - libraries
> ii  libkrb5-3:amd64    1.18.3-6+deb11u1    amd64    MIT Kerberos runtime
> libraries
> ii  libkrb5-dev:amd64    1.18.3-6+deb11u1    amd64    headers and
> development libraries for MIT Kerberos
> ii  libkrb5support0:amd64    1.18.3-6+deb11u1    amd64    MIT Kerberos
> runtime libraries - Support library
> 
> but styl the same
> 
> # kinit Administrator at CALORO.M
> kinit: Client 'Administrator at CALORO.M' not found in Kerberos database
> while getting initial credentials
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list