[Samba] Kerberos kinit not running
L. van Belle
belle at samba.org
Wed Jul 20 07:56:24 UTC 2022
3 points..
Did you set a PTR record for the servers? if not do so.
In krb5.conf
Restore the debian default, its suffient.
This is all you need for a normal AD-AD/Kerberos domain basicly.
[libdefaults]
default_realm = CALORO.M
dns_lookup_kdc = yes
dns_lookup_realm = no
ticket_lifetime = 24h
And show /etc/resolv.conf
is the primary DNSDomain the first resolving domain?
Run these.
apt remove --autoremove --purge krb5-kdc
apt satisfy winbind samba
that should do it.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba <samba-bounces at lists.samba.org> Namens Maurizio Caloro via
> samba
> Verzonden: dinsdag 19 juli 2022 22:56
> Aan: Rowland Penny via samba <samba at lists.samba.org>
> Onderwerp: Re: [Samba] Kerberos kinit not running
>
>
> Am 19.07.2022 um 22:32 schrieb Rowland Penny via samba:
> > On Tue, 2022-07-19 at 22:09 +0200, Maurizio Caloro via samba wrote:
> >> ● krb5-kdc.service - Kerberos 5 Key Distribution Center
> >> Loaded: loaded (/lib/systemd/system/krb5-kdc.service; enabled;
> >> vendor preset: enabled)
> > Turn this off and remove it, you are running two kdc's, the Heimdal one
> > built into Samba and the MIT kdc.
> >
> > Rowland
>
> thanks for quick help, krb5-kdc are gone
> -->rc krb5-kdc 1.18.3-6+deb11u1 amd64 MIT Kerberos key
> server (KDC)
>
> or i need to delete all this?
>
> # dpkg -l | grep krb5*
> ii krb5-config 2.6+nmu1 all Configuration files for Kerberos
> Version 5
> rc krb5-kdc 1.18.3-6+deb11u1 amd64 MIT Kerberos key server (KDC)
> ii krb5-locales 1.18.3-6+deb11u1 all internationalization support
> for MIT Kerberos
> ii krb5-multidev:amd64 1.18.3-6+deb11u1 amd64 development files
> for MIT Kerberos without Heimdal conflict
> ii krb5-user 1.18.3-6+deb11u1 amd64 basic programs to
> authenticate using MIT Kerberos
> ii libgssapi-krb5-2:amd64 1.18.3-6+deb11u1 amd64 MIT Kerberos
> runtime libraries - krb5 GSS-API Mechanism
> ii libkrb5-26-heimdal:amd64 7.7.0+dfsg-2 amd64 Heimdal
> Kerberos - libraries
> ii libkrb5-3:amd64 1.18.3-6+deb11u1 amd64 MIT Kerberos runtime
> libraries
> ii libkrb5-dev:amd64 1.18.3-6+deb11u1 amd64 headers and
> development libraries for MIT Kerberos
> ii libkrb5support0:amd64 1.18.3-6+deb11u1 amd64 MIT Kerberos
> runtime libraries - Support library
>
> but styl the same
>
> # kinit Administrator at CALORO.M
> kinit: Client 'Administrator at CALORO.M' not found in Kerberos database
> while getting initial credentials
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list