Web lists-archives.com

[Samba] heidmal to mit adminstrator password expired




Hello,

I'm using samba as active directory with heidmal kerberos. I would like to
switch to MIT kerberos as this is the implementation my distrib has chosen.

I've made my kdc.conf according to these instructions:
https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC

But I can't authenticate it seems all my password are expired.

kinit administrator@xxxxxxxxx
Password for administrator@xxxxxxxxx
Password expired.  You must change it now.

But I can't change it:
kinit: Password has expired while getting initial credentials

Here is the logs of this action:

Jun 28 09:00:08  krb5kdc[13768](info): AS_REQ (8 etypes {18 17 20 19 16 23
25 26}) 192.168.1.194: CLIENT KEY EXPIRED: administrator@xxxxxxxxx for
krbtgt/SAMBA.DOM@xxxxxxxxx, Password has expired

Jun 28 09:00:08  krb5kdc[13768](info): AS_REQ (8 etypes {18 17 20 19 16 23
25 26}) 192.168.1.194: NEEDED_PREAUTH: administrator@xxxxxxxxx for
kadmin/changepw@xxxxxxxxx, Additional pre-authentication required

Jun 28 09:00:11  krb5kdc[13768](info): AS_REQ (8 etypes {18 17 20 19 16 23
25 26}) 192.168.1.194: ISSUE: authtime 1530165611, etypes {rep=18 tkt=23
ses=23}, administrator@xxxxxxxxx for kadmin/changepw@xxxxxxxxx

Jun 28 09:00:18  krb5kdc[13768](info): AS_REQ (8 etypes {18 17 20 19 16 23
25 26}) 192.168.1.194: CLIENT KEY EXPIRED: administrator@xxxxxxxxx for
krbtgt/SAMBA.DOM@xxxxxxxxx, Password has expired

I 'm not sure but maybe if I could reset the admin password it could help?
Is there any way of doing that?

Any help welcome.

Thank you.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba