Am 19.07.2022 um 22:32 schrieb Rowland Penny via samba:> On Tue, 2022-07-19 at 22:09 +0200, Maurizio Caloro via samba wrote: >> ? krb5-kdc.service - Kerberos 5 Key Distribution Center >> Loaded: loaded (/lib/systemd/system/krb5-kdc.service; enabled; >> vendor preset: enabled) > Turn this off and remove it, you are running two kdc's, the Heimdal one > built into Samba and the MIT kdc. > > Rowlandthanks for quick help, krb5-kdc are gone ? -->rc? krb5-kdc??? 1.18.3-6+deb11u1??? amd64??? MIT Kerberos key server (KDC) or i need to delete all this? # dpkg -l | grep krb5* ii? krb5-config??? 2.6+nmu1??? all??? Configuration files for Kerberos Version 5 rc? krb5-kdc??? 1.18.3-6+deb11u1??? amd64??? MIT Kerberos key server (KDC) ii? krb5-locales??? 1.18.3-6+deb11u1??? all internationalization support for MIT Kerberos ii? krb5-multidev:amd64??? 1.18.3-6+deb11u1??? amd64 development files for MIT Kerberos without Heimdal conflict ii? krb5-user??? 1.18.3-6+deb11u1??? amd64??? basic programs to authenticate using MIT Kerberos ii? libgssapi-krb5-2:amd64??? 1.18.3-6+deb11u1??? amd64??? MIT Kerberos runtime libraries - krb5 GSS-API Mechanism ii? libkrb5-26-heimdal:amd64??? 7.7.0+dfsg-2??? amd64??? Heimdal Kerberos - libraries ii? libkrb5-3:amd64??? 1.18.3-6+deb11u1??? amd64??? MIT Kerberos runtime libraries ii? libkrb5-dev:amd64??? 1.18.3-6+deb11u1??? amd64??? headers and development libraries for MIT Kerberos ii? libkrb5support0:amd64??? 1.18.3-6+deb11u1??? amd64??? MIT Kerberos runtime libraries - Support library but styl the same # kinit Administrator at CALORO.M kinit: Client 'Administrator at CALORO.M' not found in Kerberos database while getting initial credentials
On Tue, 2022-07-19 at 22:56 +0200, Maurizio Caloro via samba wrote:> Am 19.07.2022 um 22:32 schrieb Rowland Penny via samba: > > On Tue, 2022-07-19 at 22:09 +0200, Maurizio Caloro via samba wrote: > > > ? krb5-kdc.service - Kerberos 5 Key Distribution Center > > > Loaded: loaded (/lib/systemd/system/krb5-kdc.service; > > > enabled; > > > vendor preset: enabled) > > Turn this off and remove it, you are running two kdc's, the Heimdal > > one > > built into Samba and the MIT kdc. > > > > Rowland > > thanks for quick help, krb5-kdc are gone > -->rc krb5-kdc 1.18.3-6+deb11u1 amd64 MIT Kerberos key > server (KDC) > > or i need to delete all this?No just krb5-kdc> > but styl the same > > # kinit Administrator at CALORO.M > kinit: Client 'Administrator at CALORO.M' not found in Kerberos > database > while getting initial credentialsThis could be an artefact of having two kdc's running, you may have to join the DC again. Rowland
3 points..
Did you set a PTR record for the servers? if not do so.
In krb5.conf
Restore the debian default, its suffient.
This is all you need for a normal AD-AD/Kerberos domain basicly.
[libdefaults]
default_realm = CALORO.M
dns_lookup_kdc = yes
dns_lookup_realm = no
ticket_lifetime = 24h
And show /etc/resolv.conf
is the primary DNSDomain the first resolving domain?
Run these.
apt remove --autoremove --purge krb5-kdc
apt satisfy winbind samba
that should do it.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba <samba-bounces at lists.samba.org> Namens Maurizio Caloro
via
> samba
> Verzonden: dinsdag 19 juli 2022 22:56
> Aan: Rowland Penny via samba <samba at lists.samba.org>
> Onderwerp: Re: [Samba] Kerberos kinit not running
>
>
> Am 19.07.2022 um 22:32 schrieb Rowland Penny via samba:
> > On Tue, 2022-07-19 at 22:09 +0200, Maurizio Caloro via samba wrote:
> >> ? krb5-kdc.service - Kerberos 5 Key Distribution Center
> >> Loaded: loaded (/lib/systemd/system/krb5-kdc.service;
enabled;
> >> vendor preset: enabled)
> > Turn this off and remove it, you are running two kdc's, the
Heimdal one
> > built into Samba and the MIT kdc.
> >
> > Rowland
>
> thanks for quick help, krb5-kdc are gone
> -->rc krb5-kdc 1.18.3-6+deb11u1 amd64 MIT Kerberos key
> server (KDC)
>
> or i need to delete all this?
>
> # dpkg -l | grep krb5*
> ii krb5-config 2.6+nmu1 all Configuration files for Kerberos
> Version 5
> rc krb5-kdc 1.18.3-6+deb11u1 amd64 MIT Kerberos key server (KDC)
> ii krb5-locales 1.18.3-6+deb11u1 all internationalization support
> for MIT Kerberos
> ii krb5-multidev:amd64 1.18.3-6+deb11u1 amd64 development files
> for MIT Kerberos without Heimdal conflict
> ii krb5-user 1.18.3-6+deb11u1 amd64 basic programs to
> authenticate using MIT Kerberos
> ii libgssapi-krb5-2:amd64 1.18.3-6+deb11u1 amd64 MIT Kerberos
> runtime libraries - krb5 GSS-API Mechanism
> ii libkrb5-26-heimdal:amd64 7.7.0+dfsg-2 amd64 Heimdal
> Kerberos - libraries
> ii libkrb5-3:amd64 1.18.3-6+deb11u1 amd64 MIT Kerberos runtime
> libraries
> ii libkrb5-dev:amd64 1.18.3-6+deb11u1 amd64 headers and
> development libraries for MIT Kerberos
> ii libkrb5support0:amd64 1.18.3-6+deb11u1 amd64 MIT Kerberos
> runtime libraries - Support library
>
> but styl the same
>
> # kinit Administrator at CALORO.M
> kinit: Client 'Administrator at CALORO.M' not found in Kerberos
database
> while getting initial credentials
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba