Web lists-archives.com

Re: [Samba] kerberos got crazy after ubuntu upgrade from 14.04 to 16.04




Andrew, be sure to ring me up when you're in Warsaw/PL. I owe you a few
beers :)

I've stopped both and IT WORKS.

2017-04-23 13:21 GMT+02:00 Jakub Kulesza <jakkul+samba@xxxxxxxxx>:

> Andrew, thanks for answering. My ubuntu shows this:
>
> # systemctl | grep kr
>   krb5-admin-server.service                         loaded active running
>   Kerberos 5 Admin Server
>   krb5-kdc.service                                  loaded active running
>   Kerberos 5 Key Distribution Center
>
> Should I disable both?
>
> 2017-04-23 12:39 GMT+02:00 Andrew Bartlett <abartlet@xxxxxxxxx>:
>
>> On Sun, 2017-04-23 at 09:39 +0200, Jakub Kulesza via samba wrote:
>> > this is what kerberos throws in auth.log when I try to log in with a
>> > win2008 client:
>> >
>> > Apr 23 09:17:38 pdc kadmind[610]: closing down fd 31
>> > Apr 23 09:17:55 pdc krb5kdc[643]: AS_REQ (6 etypes {18 17 23 24 -135
>> > 3})
>> > 192.168.0.139: CLIENT_NOT_FOUND: qubix@GPMV for krbtgt/GPMV@GPMV,
>> > Client
>> > not found in Kerberos database
>> > Apr 23 09:17:55 pdc krb5kdc[643]: closing down fd 15
>> > Apr 23 09:17:56 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24
>> > -135})
>> > 192.168.0.139: PROCESS_TGS: authtime 0,  <unknown client> for
>> > krbtgt/BIURO.domain@BIURO.domain, Bad encryption type
>> > Apr 23 09:17:56 pdc krb5kdc[643]: closing down fd 15
>> > Apr 23 09:17:56 pdc krb5kdc[643]: AS_REQ (5 etypes {23 -133 -128 24
>> > -135})
>> > 192.168.0.139: CLIENT_NOT_FOUND: anadrol$@BIURO.domain for
>> > krbtgt/BIURO.domain@BIURO.domain, Client not found in Kerberos
>> > database
>> > Apr 23 09:17:56 pdc krb5kdc[643]: closing down fd 15
>> > Apr 23 09:17:57 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24
>> > -135})
>> > 192.168.0.139: PROCESS_TGS: authtime 0,  <unknown client> for
>> > krbtgt/BIURO.domain@BIURO.domain, Bad encryption type
>> > Apr 23 09:17:57 pdc krb5kdc[643]: closing down fd 15
>> > Apr 23 09:17:57 pdc krb5kdc[643]: AS_REQ (5 etypes {23 -133 -128 24
>> > -135})
>> > 192.168.0.139: CLIENT_NOT_FOUND: anadrol$@BIURO.domain for
>> > krbtgt/BIURO.domain@BIURO.domain Client not found in Kerberos
>> > database
>> > Apr 23 09:17:57 pdc krb5kdc[643]: closing down fd 15
>> > Apr 23 09:17:57 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24
>> > -135})
>> > 192.168.0.139: PROCESS_TGS: authtime 0,  <unknown client> for
>> > LDAP/pdc.biuro.domain/biuro.domain@BIURO.domain, Bad encryption type
>> > Apr 23 09:17:57 pdc krb5kdc[643]: closing down fd 15
>>
>> Somehow you have started MIT krb5 and not Samba on your server.  It is
>> handling port 88 (kerberos) and is very confused.
>>
>> Stop the MIT KDC process, and restart samba.
>>
>> Andrew Bartlett
>>
>> --
>> Andrew Bartlett                       http://samba.org/~abartlet/
>> Authentication Developer, Samba Team  http://samba.org
>> Samba Developer, Catalyst IT          http://catalyst.net.nz/service
>> s/samba
>>
>>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba