
Re: [Samba] kerberos got crazy after ubuntu upgrade from 14.04 to 16.04




On Sun, 23 Apr 2017 11:40:45 +0200
Jakub Kulesza <jakkul+samba@xxxxxxxxx> wrote:

> OK, I've deleted everything that Rowland suggested. THANKS
> 
> Now smb.conf looks like this
> 
> [netlogon]
>   path = /var/local/samba/var/lib/samba/netlogon
> #path = /var/lib/samba/sysvol/biuro.domain/scripts

Put netlogon back into sysvol and what happened to the 'sysvol' share?

> read only = No
 guest ok = yes <-- remove this

> 
> The result - the same. logging on a win2008 with user jkadmin gives
> the following:
> 
> Apr 23 11:37:36 pdc krb5kdc[656]: AS_REQ (6 etypes {18 17 23 24 -135
> 3}) 192.168.0.139: CLIENT_NOT_FOUND: jkadmin@xxxxxxxxxxxxxxx for
> krbtgt/ biuro.domain.pl@xxxxxxxxxxxxxxx, Client not found in Kerberos
> database
> Apr 23 11:37:36 pdc krb5kdc[656]: closing down fd 15
> Apr 23 11:37:36 pdc krb5kdc[656]: DISPATCH: repeated (retransmitted?)
> request from 192.168.0.139, resending previous response
> Apr 23 11:37:36 pdc krb5kdc[656]: closing down fd 15
> Apr 23 11:37:36 pdc krb5kdc[656]: TGS_REQ (5 etypes {18 17 23 24
> -135}) 192.168.0.139: PROCESS_TGS: authtime 0,  <unknown client> for
> krbtgt/ BIURO.domain.PL@xxxxxxxxxxxxxxx, Bad encryption type
> Apr 23 11:37:36 pdc krb5kdc[656]: closing down fd 15
> Apr 23 11:37:36 pdc krb5kdc[656]: AS_REQ (5 etypes {23 -133 -128 24
> -135}) 192.168.0.139: CLIENT_NOT_FOUND: anadrol$@BIURO.domain.PL for
> krbtgt/ BIURO.domain.PL@xxxxxxxxxxxxxxx, Client not found in Kerberos
> database
> Apr 23 11:37:36 pdc krb5kdc[656]: closing down fd 15
> Apr 23 11:37:36 pdc krb5kdc[656]: DISPATCH: repeated (retransmitted?)
> request from 192.168.0.139, resending previous response
> Apr 23 11:37:36 pdc krb5kdc[656]: closing down fd 15
> Apr 23 11:37:36 pdc krb5kdc[656]: TGS_REQ (5 etypes {18 17 23 24
> -135}) 192.168.0.139: PROCESS_TGS: authtime 0,  <unknown client> for
> krbtgt/ BIURO.domain.PL@xxxxxxxxxxxxxxx, Bad encryption type
> Apr 23 11:37:36 pdc krb5kdc[656]: closing down fd 15
> Apr 23 11:37:36 pdc krb5kdc[656]: AS_REQ (5 etypes {23 -133 -128 24
> -135}) 192.168.0.139: CLIENT_NOT_FOUND: anadrol$@BIURO.domain.PL for
> krbtgt/ BIURO.domain.PL@xxxxxxxxxxxxxxx, Client not found in Kerberos
> database
> Apr 23 11:37:36 pdc krb5kdc[656]: closing down fd 15
> Apr 23 11:37:36 pdc krb5kdc[656]: DISPATCH: repeated (retransmitted?)
> request from 192.168.0.139, resending previous response
> Apr 23 11:37:36 pdc krb5kdc[656]: closing down fd 15
> Apr 23 11:37:36 pdc krb5kdc[656]: TGS_REQ (5 etypes {18 17 23 24
> -135}) 192.168.0.139: PROCESS_TGS: authtime 0,  <unknown client> for
> LDAP/ pdc.biuro.domain.pl/biuro.domain.pl@xxxxxxxxxxxxxxx, Bad
> encryption type
> Apr 23 11:37:36 pdc krb5kdc[656]: closing down fd 15
> 
> funny thing, with ads testjoin

You do not test a DC like that, did you actually join the Samba AD DC
with samba-tool?

Rowland
