Prev: member server can't authenticate users?
Next: ads_kinit_password failed: Preauthentication failed
From: Lachlan Pollock on 1 Sep 2006 04:10

Hi,

I have compiled samba 3.0.23b (MIT Kerberos 1.5.1) on Solaris 10. I am unable to join the ads domain. net ads testjoin returns the following output...

    [2006/09/01 17:25:17, 0] libads/kerberos.c:ads_kinit_password(208)
      kerberos_kinit_password ARTEMISIA$@UNIMELB.EDU.AU failed: Preauthentication failed
    [2006/09/01 17:25:17, 0] libads/kerberos.c:ads_kinit_password(208)
      kerberos_kinit_password ARTEMISIA$@UNIMELB.EDU.AU failed: Preauthentication failed
    [2006/09/01 17:25:17, 0] utils/net_ads.c:ads_startup(281)
      ads_connect: Preauthentication failed
    Join to domain is not valid

I have what looks like a valid ticket in klist...

    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal: <username>@UNIMELB.EDU.AU

    Valid starting     Expires            Service principal
    01/09/2006 14:00   02/09/2006 00:00   krbtgt/UNIMELB.EDU.AU@UNIMELB.EDU.AU
            renew until 08/09/2006 14:00
    01/09/2006 14:39   02/09/2006 00:00   cres-dc1$@UNIMELB.EDU.AU
            renew until 08/09/2006 14:00
    01/09/2006 17:06   02/09/2006 00:00   dc25$@UNIMELB.EDU.AU
            renew until 08/09/2006 14:00

My krb5.conf maps the realm as follows...

    [libdefaults]
        default_realm = UNIMELB.EDU.AU
    #   dns_lookup_realm = false
    #   dns_lookup_kdc = false

    [realms]
        UNIMELB.EDU.AU = {
            kdc = adk1.unimelb.edu.au:88
            kdc = adk2.unimelb.edu.au:88
            default_domain = unimelb.edu.au
        }

    [domain_realm]
        .unimelb.edu.au = UNIMELB.EDU.AU
        unimelb.edu.au = UNIMELB.EDU.AU

    [logging]
        default = FILE:/var/krb5/kdc.log
        kdc = FILE:/var/krb5/kdc.log
        kdc_rotate = {
            period = 1d
            versions = 10
        }

    [kdc]
        profile = /etc/krb5/kdc.conf

    [appdefaults]
        pam = {
            debug = true
            ticket_lifetime = 36000
            renew_lifetime = 36000
            forwardable = true
            krb4_convert = false
        }
        kinit = {
            renewable = true
            forwardable= true
        }
        gkadmin = {
            help_url = http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195
        }

and my smb.conf is...

    [global]
        workgroup = UNIMELB
        server string = 'new potter'
        netbios name = ARTEMISIA
        hosts allow = 127. 128.250.
        security = ADS
        realm = UNIMELB.EDU.AU
        local master = no
        domain master = no
        use kerberos keytab = yes
        wins server = 128.250.144.64
        password server = dc25.unimelb.edu.au
        idmap uid = 1000-29999
        idmap gid = 1000-29999
        winbind separator = +
        winbind enum users = yes
        winbind enum groups = yes
        winbind use default domain = yes
        template homedir = /home/%D/%U
        template shell = /bin/false
        client use spnego = yes

My DNS domain is different from the AD domain. The computer account is newly created and exists before I testjoin. If I ignore the error and try to join, the AD computer account becomes disabled.

I have debug level 10 logs available.

Thanks in advance for any assistance.

Cheers
Lachlan

--
*************************************************************
Lachlan Pollock    mailto:lachlan.pollock at unimelb.edu.au
Systems Administrator, ArtsIT, Faculty of Arts
University of Melbourne, Victoria 3010, AUSTRALIA
*************************************************************