Mateo Duffour
2022-Apr-13 17:35 UTC
[Samba] Samba AD DC on a trust relationship with IdM - kpasswd not working porperly
Hi, We've configured a two way trust of IdM with our Samba 4.16.0, now we are getting the same behavior mentioned on the Samba https://bugzilla.samba.org/show_bug.cgi?id=15021 Many thanks. Lic. Mateo Duffour Unidad Inform?tica 2901.40.91 [ http://maps.apple.com/?q=18%20de%20julio%20985%20-%20Piso%204,Montevideo,Uruguay | 18 de julio 985 - Piso 3, Montevideo, Uruguay ] [ http://www.fnr.gub.uy/ | ] No me imprimas si no es necesario. Protejamos el medio ambiente. Este mensaje y la informaci?n adjunta al mismo est? dirigido exclusivamente a su destinatario. Puede contener informaci?n confidencial, privilegiada o de uso restringido, protegida por las normas. Si Ud. recibi? este e-mail por error, por favor, s?rvase notificarle a quien se lo envi? y borrar el original. Cualquier otro uso del e-mail por Ud. est? prohibido. ----- Original Message ----- From: "Rowland Penny via samba" <samba at lists.samba.org> To: "samba" <samba at lists.samba.org> Cc: "Rowland Penny" <rpenny at samba.org> Sent: Thursday, 7 April, 2022 12:54:27 Subject: Re: [Samba] Samba AD DC on a trust relationship with IdM - kpasswd not working porperly On Thu, 2022-04-07 at 12:39 -0300, Mateo Duffour via samba wrote:> Hi, > > We've updated our Samba server version to 4.16.0 and we're getting > this error now (when trying to login with any user): > > Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx krb5_child[4846]: Error > constructing AP-REQ armor: Server > krbtgt/ADTEST.xxx.xxx.xx at IDMPRU.xxx.xxx.xx not found in Kerberos > database > Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx krb5_child[4846]: Error > constructing AP-REQ armor: Server > krbtgt/ADTEST.xxx.xxx.xx at IDMPRU.xxx.xxx.xx not found in Kerberos > database > Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx sshd[4842]: > pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 > tty=ssh ruser= rhost=10.9.9.4 user=usu7 at adtest.xxx.xxx.xx > Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx sshd[4842]: > pam_sss(sshd:auth): received for user usu7 at adtest.xxx.xxx.xx: 4 > (System error) > Apr 07 11:50:48 idmsrvpru.idmpru.xxx.xxx.xx sshd[4840]: error: PAM: > Authentication failure for usu7 at adtest.xxx.xxx.xx from 10.9.9.4 > > Any help is appreciated, regards.None of that appears to be coming from Samba, could it be coming from sssd ? If so, I suggest you ask on the sssd-users mailing list. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Mateo Duffour
2022-Apr-20 19:23 UTC
[Samba] Samba AD DC on a trust relationship with IdM - kpasswd not working porperly
Hi, The error we are experimenting is the same that happened to us with Samba 4.15. Any help is appreciated, regards. Lic. Mateo Duffour Unidad Inform?tica 2901.40.91 [ http://maps.apple.com/?q=18%20de%20julio%20985%20-%20Piso%204,Montevideo,Uruguay | 18 de julio 985 - Piso 3, Montevideo, Uruguay ] [ http://www.fnr.gub.uy/ | ] No me imprimas si no es necesario. Protejamos el medio ambiente. Este mensaje y la informaci?n adjunta al mismo est? dirigido exclusivamente a su destinatario. Puede contener informaci?n confidencial, privilegiada o de uso restringido, protegida por las normas. Si Ud. recibi? este e-mail por error, por favor, s?rvase notificarle a quien se lo envi? y borrar el original. Cualquier otro uso del e-mail por Ud. est? prohibido. ----- Original Message ----- From: "Mateo Duffour" <mduffour at fnr.gub.uy> To: "samba" <samba at lists.samba.org> Cc: "Rowland Penny" <rpenny at samba.org>, "Juan Andr?s Ghigliazza" <aghigliazza at fnr.gub.uy> Sent: Wednesday, 13 April, 2022 14:35:39 Subject: Re: [Samba] Samba AD DC on a trust relationship with IdM - kpasswd not working porperly Hi, We've configured a two way trust of IdM with our Samba 4.16.0, now we are getting the same behavior mentioned on the Samba https://bugzilla.samba.org/show_bug.cgi?id=15021 Many thanks. Lic. Mateo Duffour Unidad Inform?tica 2901.40.91 [ http://maps.apple.com/?q=18%20de%20julio%20985%20-%20Piso%204,Montevideo,Uruguay | 18 de julio 985 - Piso 3, Montevideo, Uruguay ] [ http://www.fnr.gub.uy/ | ] No me imprimas si no es necesario. Protejamos el medio ambiente. Este mensaje y la informaci?n adjunta al mismo est? dirigido exclusivamente a su destinatario. Puede contener informaci?n confidencial, privilegiada o de uso restringido, protegida por las normas. Si Ud. recibi? este e-mail por error, por favor, s?rvase notificarle a quien se lo envi? y borrar el original. Cualquier otro uso del e-mail por Ud. est? prohibido. ----- Original Message ----- From: "Rowland Penny via samba" <samba at lists.samba.org> To: "samba" <samba at lists.samba.org> Cc: "Rowland Penny" <rpenny at samba.org> Sent: Thursday, 7 April, 2022 12:54:27 Subject: Re: [Samba] Samba AD DC on a trust relationship with IdM - kpasswd not working porperly On Thu, 2022-04-07 at 12:39 -0300, Mateo Duffour via samba wrote:> Hi, > > We've updated our Samba server version to 4.16.0 and we're getting > this error now (when trying to login with any user): > > Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx krb5_child[4846]: Error > constructing AP-REQ armor: Server > krbtgt/ADTEST.xxx.xxx.xx at IDMPRU.xxx.xxx.xx not found in Kerberos > database > Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx krb5_child[4846]: Error > constructing AP-REQ armor: Server > krbtgt/ADTEST.xxx.xxx.xx at IDMPRU.xxx.xxx.xx not found in Kerberos > database > Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx sshd[4842]: > pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 > tty=ssh ruser= rhost=10.9.9.4 user=usu7 at adtest.xxx.xxx.xx > Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx sshd[4842]: > pam_sss(sshd:auth): received for user usu7 at adtest.xxx.xxx.xx: 4 > (System error) > Apr 07 11:50:48 idmsrvpru.idmpru.xxx.xxx.xx sshd[4840]: error: PAM: > Authentication failure for usu7 at adtest.xxx.xxx.xx from 10.9.9.4 > > Any help is appreciated, regards.None of that appears to be coming from Samba, could it be coming from sssd ? If so, I suggest you ask on the sssd-users mailing list. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba