search for: as_req

...sword are expired. kinit administrator at SAMBA.DOM Password for administrator at SAMBA.DOM Password expired. You must change it now. But I can't change it: kinit: Password has expired while getting initial credentials Here is the logs of this action: Jun 28 09:00:08 krb5kdc[13768](info): AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) 192.168.1.194: CLIENT KEY EXPIRED: administrator at SAMBA.DOM for krbtgt/SAMBA.DOM at SAMBA.DOM, Password has expired Jun 28 09:00:08 krb5kdc[13768](info): AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) 192.168.1.194: NEEDED_PREAUTH: administrator at SAMBA.DOM fo...

...>: > On Sun, 2017-04-23 at 09:39 +0200, Jakub Kulesza via samba wrote: > > this is what kerberos throws in auth.log when I try to log in with a > > win2008 client: > > > > Apr 23 09:17:38 pdc kadmind[610]: closing down fd 31 > > Apr 23 09:17:55 pdc krb5kdc[643]: AS_REQ (6 etypes {18 17 23 24 -135 > > 3}) > > 192.168.0.139: CLIENT_NOT_FOUND: qubix at GPMV for krbtgt/GPMV at GPMV, > > Client > > not found in Kerberos database > > Apr 23 09:17:55 pdc krb5kdc[643]: closing down fd 15 > > Apr 23 09:17:56 pdc krb5kdc[643]: TGS_REQ (5...

...a local IP address of 192.168.0.107, and its hostname is set to potterbook. On the Mac, no log entries at all occur to indicate what this might be. On the Linux machine, the only logs that seem to get written are in /var/log/samba/mit_kdc.log: "Jul 27 23:53:09 pathfinder krb5kdc[6597](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.0.107: NEEDED_PREAUTH: Administrator at POTTERNET.LAN for krbtgt/POTTERNET.LAN at POTTERNET.LAN, Additional pre-authentication required Jul 27 23:53:09 pathfinder krb5kdc[6597](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.0.107: ISSUE: authtime 1532731989, etypes...

.../etc/krb5.keytab allow_weak_crypto = true [realms] BIURO.domain = { kdc = pdc.biuro.domain admin_server = pdc.biuro.domain } this is what kerberos throws in auth.log when I try to log in with a win2008 client: Apr 23 09:17:38 pdc kadmind[610]: closing down fd 31 Apr 23 09:17:55 pdc krb5kdc[643]: AS_REQ (6 etypes {18 17 23 24 -135 3}) 192.168.0.139: CLIENT_NOT_FOUND: qubix at GPMV for krbtgt/GPMV at GPMV, Client not found in Kerberos database Apr 23 09:17:55 pdc krb5kdc[643]: closing down fd 15 Apr 23 09:17:56 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24 -135}) 192.168.0.139: PROCESS_TGS: auth...

On Sun, 2017-04-23 at 09:39 +0200, Jakub Kulesza via samba wrote: > this is what kerberos throws in auth.log when I try to log in with a > win2008 client: > > Apr 23 09:17:38 pdc kadmind[610]: closing down fd 31 > Apr 23 09:17:55 pdc krb5kdc[643]: AS_REQ (6 etypes {18 17 23 24 -135 > 3}) > 192.168.0.139: CLIENT_NOT_FOUND: qubix at GPMV for krbtgt/GPMV at GPMV, > Client > not found in Kerberos database > Apr 23 09:17:55 pdc krb5kdc[643]: closing down fd 15 > Apr 23 09:17:56 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24 > -135...

...groups = yes winbind enum users = yes [netlogon] path = /var/local/samba/var/lib/samba/netlogon #path = /var/lib/samba/sysvol/biuro.domain/scripts read only = No guest ok = yes The result - the same. logging on a win2008 with user jkadmin gives the following: Apr 23 11:37:36 pdc krb5kdc[656]: AS_REQ (6 etypes {18 17 23 24 -135 3}) 192.168.0.139: CLIENT_NOT_FOUND: jkadmin at biuro.domain.pl for krbtgt/ biuro.domain.pl at biuro.domain.pl, Client not found in Kerberos database Apr 23 11:37:36 pdc krb5kdc[656]: closing down fd 15 Apr 23 11:37:36 pdc krb5kdc[656]: DISPATCH: repeated (retransmitted?...

...ro.domain/scripts Put netlogon back into sysvol and what happened to the 'sysvol' share ? > read only = No guest ok = yes <-- remove this > > The result - the same. logging on a win2008 with user jkadmin gives > the following: > > Apr 23 11:37:36 pdc krb5kdc[656]: AS_REQ (6 etypes {18 17 23 24 -135 > 3}) 192.168.0.139: CLIENT_NOT_FOUND: jkadmin at biuro.domain.pl for > krbtgt/ biuro.domain.pl at biuro.domain.pl, Client not found in Kerberos > database Apr 23 11:37:36 pdc krb5kdc[656]: closing down fd 15 > Apr 23 11:37:36 pdc krb5kdc[656]: DISPATCH: repe...

...etwork... krb5kdc: setsockopt(16,IPV6_V6ONLY,1) worked krb5kdc: setsockopt(18,IPV6_V6ONLY,1) worked Jul 03 09:53:37 dc1.mydomain.com krb5kdc[1074](info): set up 4 sockets Jul 03 09:53:37 dc1.mydomain.com krb5kdc[1074](info): commencing operation Jul 03 10:12:01 dc1.mydomain.com krb5kdc[1074](info): AS_REQ (6 etypes {18 17 23 24 -135 3}) 192.168.206.101: NEEDED_PREAUTH: win10$@mydomain.com for krbtgt/mydomain.com at mydomain.com, Additional pre-authentication required Jul 03 10:12:01 dc1.mydomain.com krb5kdc[1074](info): closing down fd 19 Jul 03 10:12:01 dc1.mydomain.com krb5kdc[1074](info): AS_R...

.../usr/share/ovirt-server/ovirt-agent/ovirt-agent.rb:146:in `initialize' /usr/share/ovirt-server/ovirt-agent/ovirt-agent.rb:283:in `new' /usr/share/ovirt-server/ovirt-agent/ovirt-agent.rb:283 And in tail /var/log/krb5kdc.log Oct 09 17:50:34 management.ovirt.priv krb5kdc[1902](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.50.1: ISSUE: authtime 1255103434, etypes {rep=18 tkt=18 ses=18}, qpidd/management.ovirt.priv at OVIRT.PRIV for krbtgt/OVIRT.PRIV at OVIRT.PRIV Oct 09 17:50:48 management.ovirt.priv krb5kdc[1902](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.50.1: NEEDED...

...I have see this recurred lament, (that I don't know what it means and whether it is important or not): set 02 11:54:36 s-addc.studiomosca.net krb5kdc[6764](info): preauth (encrypted_timestamp) verify failure: Preauthentication failed set 02 11:54:36 s-addc.studiomosca.net krb5kdc[6764](info): AS_REQ (6 etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), DEPRECATED:arcfour-hmac(23), DEPRECATED:arcfour-hmac-exp(24), (-135), DEPRECATED:des-cbc-md5(3)}) 192.168.1.102: PREAUTH_FAILED: madrid$@STUDIO_MOSCA for krbtgt/STUDIO_MOSCA at STUDIO_MOSCA, Preauthentication failed set 02 11:54:3...

...curred lament, (that > I don't know what it means and whether it is important or not): > > set 02 11:54:36 s-addc.studiomosca.net krb5kdc[6764](info): preauth (encrypted_timestamp) verify failure: Preauthentication failed > set 02 11:54:36 s-addc.studiomosca.net krb5kdc[6764](info): AS_REQ (6 etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), DEPRECATED:arcfour-hmac(23), DEPRECATED:arcfour-hmac-exp(24), (-135), DEPRECATED:des-cbc-md5(3)}) 192.168.1.102: PREAUTH_FAILED: madrid$@STUDIO_MOSCA for krbtgt/STUDIO_MOSCA at STUDIO_MOSCA, Preauthentication failed > set 02 11...

...ress ::.88 Mar 22 18:25:05 AD krb5kdc[13403]: setsockopt(13,IPV6_V6ONLY,1) worked Mar 22 18:25:05 AD krb5kdc[13403]: set up 6 sockets Mar 22 18:25:05 AD krb5kdc[13404]: commencing operation Mar 22 18:25:05 AD systemd[1]: Started Kerberos 5 Key Distribution Center. Mar 22 18:25:53 AD krb5kdc[13404]: AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) 127.0.0.1: CLIENT_NOT_FOUND: administrator at CALORO.M for krbtgt/CALORO.M at CALORO.M, Client not found in Kerberos database Mar 22 18:31:36 AD krb5kdc[13404]: AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) 127.0.0.1: CLIENT_NOT_FOUND: administrator at CALORO.M fo...

...uthorization on samba DC samba_dc_server: samba 4.7.6 krb5-libs 1.15.2-7 windows client: windows7 windows_file_server: windows server 2008 /var/log/samba/mit_kdc.log мар 22 15:43:49 samba_dc_server krb5kdc[17891](info): commencing operation мар 22 15:43:56 samba_dc_server krb5kdc[17891](info): AS_REQ (6 etypes {18 17 23 24 -135 3}) 10.2.1.12: NEEDED_PREAUTH: vas.lah at example.ru for krbtgt/example .ru at example.ru, Additional pre-authentication required мар 22 15:43:56 samba_dc_server krb5kdc[17891](info): closing down fd 20 мар 22 15:43:56 samba_dc_server krb5kdc[17891](info): AS_REQ (6 etyp...

Hello together Installing a new Samba AD on me new installed Debian 10. root at AD:/home/maurizio# /usr/sbin/smbd -V Version 4.9.5-Debian But DNS_Update will by fail: [2020/03/22 13:26:02.266719, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) /usr/sbin/samba_dnsupdate: ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS') [2020/03/22

...n,target_principal=GC/dc7.my.internal.domain/my.internal.domain,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.1.13] NT_STATUS_UNSUCCESSFUL This looks like an auth (Kerberos) error, maybe related to: Dec 07 11:55:49 dc7.my.internal.domain krb5kdc[22191](info): AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) 192.168.11.25: NEEDED_PREAUTH: DC7$@MY.INTERNAL.DOMAIN for krbtgt/MY.INTERNAL.DOMAIN at MY.INTERNAL.DOMAIN, Additional pre-authentication required Any ideas what's going wrong here? (I already went through the usual first steps, time is in sync, dns entri...

...MBA.DOM > Password for administrator at SAMBA.DOM > Password expired. You must change it now. > > But I can't change it: > kinit: Password has expired while getting initial credentials > > Here is the logs of this action: > > Jun 28 09:00:08 krb5kdc[13768](info): AS_REQ (8 etypes {18 17 20 19 16 23 > 25 26}) 192.168.1.194: CLIENT KEY EXPIRED: administrator at SAMBA.DOM for > krbtgt/SAMBA.DOM at SAMBA.DOM, Password has expired > I 'm not sure but maybe if I could reset the admin password it could help? > Is there any way of doing that? This is not...

Is there a flavor of the pam_winbind module that uses Challenge/Response (CRAP) for authentication? I have samba-3.0.25 and the pam_winbind module only does cleartext. This fails when trying to authenticate against AD. I'd like to switch our app from using ntlm_auth to pam. I did a quick hack an added winbind_auth_request_crap() and it works, but I'm wondering if anyone else has

...rted in log files i get this messages ==> /var/log/messages <== Jun 25 04:53:50 main ruby: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No credentials cache found) ==> /var/log/krb5kdc.log <== Jun 25 04:53:49 main.forex-24h.com krb5kdc[1862](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.12.105.132: ISSUE: authtime 1245923629, etypes {rep=18 tkt=18 ses=18}, qpidd/main.forex-24h.com at FOREX-24H.COM for krbtgt/FOREX-24H.COM at FOREX-24H.COM Bad configured dns can cause this error ? I think so because when second node try connect to qpid appear m...

I finally found it, thanks to a clue from https://wiki.archlinux.org/index.php/Active_Directory_Integration This works: kinit -k -t /etc/krb5.keytab 'WRN-RADTEST$' These don't work: kinit -k -t /etc/krb5.keytab kinit -k -t /etc/krb5.keytab host/wrn-radtest.ad.example.net kinit -k -t /etc/krb5.keytab host/wrn-radtest That is: the keytab contains three different principals: root

...orrectly resolved. This happens to ALL windows machines I join to the domain, and rejoining doesn't do anytihng. Purging kerberos tickets for 0x3e7 and trying to access a network share as LocalSystem (psexec -s -i -d cmd) to get a new one doesn´t work. I ran wireshark to examine the AS_REP and AS_REQ, and decrypted the TGT using an exported keytab from the linux server to check if the machine was being correctly identified and it was, even group membership was correctly included. wbinfo and getent from another linux server in the domain show correct id and group membership for the windows machi...