samba4 success/failure report...all's working despite kerberized ssh

Georg Hopp georg at steffers.org
Tue Feb 18 07:25:19 MST 2014


OK, here is some more information:

on mail a klist -k -t -e

Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   1 02/18/14 11:58:05 mail$@WEIRD-WEB-WORKERS.ORG (des-cbc-crc)
   1 02/18/14 11:58:05 mail$@WEIRD-WEB-WORKERS.ORG (des-cbc-md5)
   1 02/18/14 11:58:05 mail$@WEIRD-WEB-WORKERS.ORG (arcfour-hmac)
   1 02/18/14 11:58:11 MAIL$@WEIRD-WEB-WORKERS.ORG (des-cbc-crc)
   1 02/18/14 11:58:11 MAIL$@WEIRD-WEB-WORKERS.ORG (des-cbc-md5)
   1 02/18/14 11:58:11 MAIL$@WEIRD-WEB-WORKERS.ORG (arcfour-hmac)
   1 02/18/14 11:58:23 host/mail@WEIRD-WEB-WORKERS.ORG (des-cbc-crc)
   1 02/18/14 11:58:23 host/mail@WEIRD-WEB-WORKERS.ORG (des-cbc-md5)
   1 02/18/14 11:58:23 host/mail@WEIRD-WEB-WORKERS.ORG (arcfour-hmac)
   1 02/18/14 11:58:32 HOST/mail@WEIRD-WEB-WORKERS.ORG (des-cbc-crc)
   1 02/18/14 11:58:32 HOST/mail@WEIRD-WEB-WORKERS.ORG (des-cbc-md5)
   1 02/18/14 11:58:32 HOST/mail@WEIRD-WEB-WORKERS.ORG (arcfour-hmac)
   1 02/18/14 11:58:43 host/mail.weird-web-workers.org@WEIRD-WEB-WORKERS.ORG (des-cbc-crc)
   1 02/18/14 11:58:43 host/mail.weird-web-workers.org@WEIRD-WEB-WORKERS.ORG (des-cbc-md5)
   1 02/18/14 11:58:43 host/mail.weird-web-workers.org@WEIRD-WEB-WORKERS.ORG (arcfour-hmac)
   1 02/18/14 11:58:54 HOST/mail.weird-web-workers.org@WEIRD-WEB-WORKERS.ORG (des-cbc-crc)
   1 02/18/14 11:58:54 HOST/mail.weird-web-workers.org@WEIRD-WEB-WORKERS.ORG (des-cbc-md5)
   1 02/18/14 11:58:54 HOST/mail.weird-web-workers.org@WEIRD-WEB-WORKERS.ORG (arcfour-hmac)

kvno host/mail.wierd-web-workers.org on mail:

host/mail.wierd-web-workers.org@WEIRD-WEB-WORKERS.ORG: kvno = 1

I started with the krb5.conf that was created during the samba
domain provisioning but now it looks like this in both www and mail:

[libdefaults]
	default_realm = WEIRD-WEB-WORKERS.ORG
	default_keytab_name = FILE:/etc/krb5.keytab
	dns_lookup_realm = false
	dns_lookup_kdc = true
	forwardable = true
	proxiable = true
	allow_wek_crypto = true
	allow_weak_crypto = true

[realms]
	WEIRD-WEB-WORKERS.ORG = {
		kdc = samba.weird-web-workers.org 1 :88
		default_domain = weird-web-workers.org
	}

[logging]
        default = FILE:/var/log/krb5libs.log
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadm5.log


What I found curious is that the logfiles are not even created.

best regards
   Georg Hopp

> On Tue, Feb 18, 2014 at 01:41:57PM +0000, Georg Hopp wrote:
> > Sorry, no it does not.
> 
> does
> 
> kvno host/mail.wierd-web-workers.org
> 
> return you the service ticket?
> 
> Can you send your krb5.conf?
> 
> bye,
> Sumit
> 
> > 
> > On Tue, Feb 18, 2014 at 02:34:24PM +0100, Sumit Bose wrote:
> > > On Tue, Feb 18, 2014 at 01:13:53PM +0000, Georg Hopp wrote:
> > > > Hi,
> > > > 
> > > > 
> > > > And here the one of ssh -vvv -p 2222 mail:
> > > 
> > > does it work if you use the fully-qualified name of your mail server?
> > > 
> > > bye,
> > > Sumit
> 
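
Added example, not part of the original message or of Samba: a small audit of `klist -k -t -e` output like the listing above, reporting which principals hold only keys of deprecated encryption types (single DES per RFC 6649, RC4-HMAC per RFC 8429). The sample reuses a few rows from the post; the `EXAMPLE.ORG` rows and the status labels are constructed for illustration.

```python
import re
from collections import defaultdict

# Deprecated enctypes: single DES and RC4-HMAC-EXP (RFC 6649), RC4-HMAC (RFC 8429).
DEPRECATED = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5",
              "arcfour-hmac", "arcfour-hmac-exp"}

# One row of `klist -k -t -e`: KVNO, date, time, principal, (enctype).
ROW = re.compile(r"^\s*(\d+)\s+\S+\s+\S+\s+(\S+)\s+\(([^)]+)\)\s*$")

# Sample input: rows from the post plus two constructed EXAMPLE.ORG rows.
SAMPLE = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   1 02/18/14 11:58:05 mail$@WEIRD-WEB-WORKERS.ORG (des-cbc-crc)
   1 02/18/14 11:58:05 mail$@WEIRD-WEB-WORKERS.ORG (des-cbc-md5)
   1 02/18/14 11:58:05 mail$@WEIRD-WEB-WORKERS.ORG (arcfour-hmac)
   1 02/18/14 11:58:43 host/mail.weird-web-workers.org@WEIRD-WEB-WORKERS.ORG (des-cbc-crc)
   1 02/18/14 11:58:43 host/mail.weird-web-workers.org@WEIRD-WEB-WORKERS.ORG (arcfour-hmac)
   2 02/18/14 12:00:00 host/placeholder.example.org@EXAMPLE.ORG (arcfour-hmac)
   2 02/18/14 12:00:00 host/placeholder.example.org@EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
"""

def parse_keytab_listing(text):
    """Return {principal: set of enctype names}; header rows are skipped."""
    keys = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            # Some klist versions print "(DEPRECATED:arcfour-hmac)"; drop the prefix.
            keys[m.group(2)].add(m.group(3).lower().split(":")[-1])
    return dict(keys)

def audit(keys):
    """Map each principal to 'deprecated-only', 'mixed' or 'ok'."""
    report = {}
    for principal, enctypes in keys.items():
        weak = enctypes & DEPRECATED
        if weak == enctypes:
            report[principal] = "deprecated-only"
        else:
            report[principal] = "mixed" if weak else "ok"
    return report

if __name__ == "__main__":
    for principal, status in sorted(audit(parse_keytab_listing(SAMPLE)).items()):
        print(f"{status:16} {principal}")
```

A principal reported as deprecated-only has no AES key in the keytab, so it can only be used with DES or RC4 tickets.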