Web lists-archives.com

Re: [Samba] kerberos got crazy after ubuntu upgrade from 14.04 to 16.04




Andrew, thanks for answering. My ubuntu shows this:

# systemctl | grep kr
  krb5-admin-server.service                         loaded active running
Kerberos 5 Admin Server
  krb5-kdc.service                                  loaded active running
Kerberos 5 Key Distribution Center

Should I disable both?

2017-04-23 12:39 GMT+02:00 Andrew Bartlett <abartlet@xxxxxxxxx>:

> On Sun, 2017-04-23 at 09:39 +0200, Jakub Kulesza via samba wrote:
> > this is what kerberos throws in auth.log when I try to log in with a
> > win2008 client:
> >
> > Apr 23 09:17:38 pdc kadmind[610]: closing down fd 31
> > Apr 23 09:17:55 pdc krb5kdc[643]: AS_REQ (6 etypes {18 17 23 24 -135
> > 3})
> > 192.168.0.139: CLIENT_NOT_FOUND: qubix@GPMV for krbtgt/GPMV@GPMV,
> > Client
> > not found in Kerberos database
> > Apr 23 09:17:55 pdc krb5kdc[643]: closing down fd 15
> > Apr 23 09:17:56 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24
> > -135})
> > 192.168.0.139: PROCESS_TGS: authtime 0,  <unknown client> for
> > krbtgt/BIURO.domain@BIURO.domain, Bad encryption type
> > Apr 23 09:17:56 pdc krb5kdc[643]: closing down fd 15
> > Apr 23 09:17:56 pdc krb5kdc[643]: AS_REQ (5 etypes {23 -133 -128 24
> > -135})
> > 192.168.0.139: CLIENT_NOT_FOUND: anadrol$@BIURO.domain for
> > krbtgt/BIURO.domain@BIURO.domain, Client not found in Kerberos
> > database
> > Apr 23 09:17:56 pdc krb5kdc[643]: closing down fd 15
> > Apr 23 09:17:57 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24
> > -135})
> > 192.168.0.139: PROCESS_TGS: authtime 0,  <unknown client> for
> > krbtgt/BIURO.domain@BIURO.domain, Bad encryption type
> > Apr 23 09:17:57 pdc krb5kdc[643]: closing down fd 15
> > Apr 23 09:17:57 pdc krb5kdc[643]: AS_REQ (5 etypes {23 -133 -128 24
> > -135})
> > 192.168.0.139: CLIENT_NOT_FOUND: anadrol$@BIURO.domain for
> > krbtgt/BIURO.domain@BIURO.domain Client not found in Kerberos
> > database
> > Apr 23 09:17:57 pdc krb5kdc[643]: closing down fd 15
> > Apr 23 09:17:57 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24
> > -135})
> > 192.168.0.139: PROCESS_TGS: authtime 0,  <unknown client> for
> > LDAP/pdc.biuro.domain/biuro.domain@BIURO.domain, Bad encryption type
> > Apr 23 09:17:57 pdc krb5kdc[643]: closing down fd 15
>
> Somehow you have started MIT krb5 and not Samba on your server.  It is
> handling port 88 (kerberos) and is very confused.
>
> Stop the MIT KDC process, and restart samba.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/
> services/samba
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba