Web lists-archives.com

Re: [Samba] kerberos got crazy after ubuntu upgrade from 14.04 to 16.04




On Sun, 2017-04-23 at 09:39 +0200, Jakub Kulesza via samba wrote:
> this is what kerberos throws in auth.log when I try to log in with a
> win2008 client:
> 
> Apr 23 09:17:38 pdc kadmind[610]: closing down fd 31
> Apr 23 09:17:55 pdc krb5kdc[643]: AS_REQ (6 etypes {18 17 23 24 -135
> 3})
> 192.168.0.139: CLIENT_NOT_FOUND: qubix@GPMV for krbtgt/GPMV@GPMV,
> Client
> not found in Kerberos database
> Apr 23 09:17:55 pdc krb5kdc[643]: closing down fd 15
> Apr 23 09:17:56 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24
> -135})
> 192.168.0.139: PROCESS_TGS: authtime 0,  <unknown client> for
> krbtgt/BIURO.domain@BIURO.domain, Bad encryption type
> Apr 23 09:17:56 pdc krb5kdc[643]: closing down fd 15
> Apr 23 09:17:56 pdc krb5kdc[643]: AS_REQ (5 etypes {23 -133 -128 24
> -135})
> 192.168.0.139: CLIENT_NOT_FOUND: anadrol$@BIURO.domain for
> krbtgt/BIURO.domain@BIURO.domain, Client not found in Kerberos
> database
> Apr 23 09:17:56 pdc krb5kdc[643]: closing down fd 15
> Apr 23 09:17:57 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24
> -135})
> 192.168.0.139: PROCESS_TGS: authtime 0,  <unknown client> for
> krbtgt/BIURO.domain@BIURO.domain, Bad encryption type
> Apr 23 09:17:57 pdc krb5kdc[643]: closing down fd 15
> Apr 23 09:17:57 pdc krb5kdc[643]: AS_REQ (5 etypes {23 -133 -128 24
> -135})
> 192.168.0.139: CLIENT_NOT_FOUND: anadrol$@BIURO.domain for
> krbtgt/BIURO.domain@BIURO.domain Client not found in Kerberos
> database
> Apr 23 09:17:57 pdc krb5kdc[643]: closing down fd 15
> Apr 23 09:17:57 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24
> -135})
> 192.168.0.139: PROCESS_TGS: authtime 0,  <unknown client> for
> LDAP/pdc.biuro.domain/biuro.domain@BIURO.domain, Bad encryption type
> Apr 23 09:17:57 pdc krb5kdc[643]: closing down fd 15

Somehow you have started MIT krb5 and not Samba on your server.  It is
handling port 88 (kerberos) and is very confused.

Stop the MIT KDC process, and restart samba.

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba