search for: krb5_get_init_creds

I have some problem whit Kerberos. OS: FreeBSD 5.3 Domain: W2k3 native mode. 1)I am Installing Heimdal 0.6.1 over port. Config /etc/krb5.conf %/usr/local/bin/kinit ivan ivan@NKMK.RU's Password: kinit: krb5_get_init_creds: Response too big for UDP, retry with TCP 2)Compile and install Heimdal 0.6.4 over source %/usr/local/bin/kinit ivan ivan@NKMK.RU's Password: kinit: krb5_get_init_creds: Additional pre-authentication required 3)Install over ports MIT krb5-1.3.4 %/usr/local/bin/kinit ivan Password for ivan...

...t for kinit with the -k and -t switches. BUT: All I got is: Additional pre-authentication required. (which seems to be the least explanatory of all samba errors...) Here follow my tries: --------------SCHNIPP------------------------ linux-router:~ # kinit --use-keytab -t /etc/krb5.keytab kinit: krb5_get_init_creds: Additional pre-authentication required linux-router:~ # ktutil -k /etc/krb5.keytab list /etc/krb5.keytab: Vno Type Principal 1 des-cbc-crc host/linux-router.linux.xxxxx.local@LINUX.XXXXX.LOCAL linux-router:~ # kinit -k host/linux-router.linux.xxxxxx.local kinit: krb5_get_init_creds:...

....g. for NFS client/server) the ccache files only report usage of ?arcfour-hmac-md5“. Trying to remove non-aes keys from keytab, or limiting supported types will result in an error like this: # kinit -e aes256-cts-hmac-sha1-96 Administrator Administrator at S4DOM.TEST's Password: kinit: krb5_get_init_creds: KDC has no support for encryption type # kinit -e arcfour-hmac-md5 Administrator Administrator at S4DOM.TEST's Password: ⇒ Succeeds, with arcfour ticket This looks like the samba 4 DC does not offer AES encryption types at all. So I tried to raise the function level (if i recall correctl...

I am setting up samba in a windows 2003 environment and am trying to confirm kerberos authentication. When I run kinit on my Linux machine I get a message kinit administrator@cablecar.local administrator@cablecar.local's Password kinit:: krb5_get_init_creds: unable to reach any KDC in realm cablecar..local I can ping my domain server by name just fine. Am I missing something that needs to be either done on windows or on linux to enable that I also tried modifying krb5.conf to no avail also [libdefaults] default_realm = CABLECAR.LOCAL...

...iction has been enforced" and a Debian Stretch client responds "You are not allowed to logon from this workstation". The Samba DC will provide a non-forwardable TGT, if you ask for it with kinit -F command from the Linux client. Issuing the command kinit -f will again fail with "krb5_get_init_creds: Ticket may not be forwardable". Investigation with Wireshark showed that after receiving an AS-REQ for a TGT with the forwardable flag set, the Samba 4.5.12 DC responds a KRB5KDC_ERR_POLICY with e-text "Ticket may not be forwardabale" (same as kinit -f). This behavior is correct ac...

...gon] path = /var/lib/samba/sysvol/example-aid.com/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No [lab] path = /srv/samba/lab read only = no vfs objects = full_audit I cannot even 'to kinit', I get: kinit: krb5_get_init_creds: unable to reach any KDC in realm EXAMPLE.COM Please could you help me? Thanks in advance... Thanks in advance -- -- Sergio Belkin LPIC-2 Certified - http://www.lpi.org

...iction has been enforced" and a Debian Stretch client responds "You are not allowed to logon from this workstation". The Samba DC will provide a non-forwardable TGT, if you ask for it with kinit -F command from the Linux client. Issuing the command kinit -f will again fail with "krb5_get_init_creds: Ticket may not be forwardable". >> >> Investigation with Wireshark showed that after receiving an AS-REQ for a TGT with the forwardable flag set, the Samba 4.5.12 DC responds a KRB5KDC_ERR_POLICY with e-text "Ticket may not be forwardabale" (same as kinit -f). This behav...

...wins server = 192.168.1.1 192.168.1.4 password server = srv1 ------------------------------------------------------------------------ However, when I try to "kinit", I get this: root@Bonaparte:~# kinit Administrator@DOMAIN.LOCAL Administrator@DOMAIN.LOCAL's Password: kinit: krb5_get_init_creds: Response too big for UDP, retry with TCP and when I try to "net ads join" into the domain, I get this: root@Bonaparte:~# net ads join -U Administrator%password [2007/07/10 08:54:38, 0] libads/kerberos.c:ads_kinit_password(208) kerberos_kinit_password Administrator@DOMAIN.LOCAL faile...

Hi There, I have an odd issue with my samba4 infrastructure, I have two servers both replicating fine. DC1 passes all tests documented here: https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller Except the following test: # kinit administrator # kinit: krb5_get_init_creds: Client (administrator at DOMAIN.NAME.COM.AU) unknown And in the logs I have found the following: # kinit for SERVER1$@DOMAIN.NAME.COM.AU failed (Client not found in Kerberos database) SERVER1 is my DC1, not sure why it has a $ right before the @ is this normal? I get the same error when running...

...iction has been enforced" and a Debian Stretch client responds "You are not allowed to logon from this workstation". The Samba DC will provide a non-forwardable TGT, if you ask for it with kinit -F command from the Linux client. Issuing the command kinit -f will again fail with "krb5_get_init_creds: Ticket may not be forwardable". > > > > Investigation with Wireshark showed that after receiving an AS-REQ for a TGT with the forwardable flag set, the Samba 4.5.12 DC responds a KRB5KDC_ERR_POLICY with e-text "Ticket may not be forwardabale" (same as kinit -f). This b...

Hi There, I have an odd issue with my samba4 infrastructure, I have two servers both replicating fine. DC1 passes all tests documented here: https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller Except the following test: # kinit administrator # kinit: krb5_get_init_creds: Client (administrator at DOMAIN.NAME.COM.AU) unknown And in the logs I have found the following: # kinit for SERVER1$@DOMAIN.NAME.COM.AU failed (Client not found in Kerberos database) SERVER1 is my DC1, not sure why it has a $ right before the @ is this normal? I get the same error when runni...

...[sysvol] > > path = /var/lib/samba/sysvol > > read only = No > > [lab] > > path = /srv/samba/lab > > read only = no > > vfs objects = full_audit > > > > I cannot even 'to kinit', I get: > > kinit: krb5_get_init_creds: unable to reach any KDC in realm > > EXAMPLE.COM > > > > Please could you help me? > > > > Thanks in advance... > > > > > > > > > > > > > > > > Thanks in advance > > -- > > -- > > Sergio Belkin > &gt...

..., choose one close by for best performance. (You shouldn't need to do this if your DNS for the domain resolves to a domain controller.) Gordon On Fri, 2005-04-08 at 15:41 +0100, Penny Willisson wrote: Thanks When I run 'kinit administrator' I get the following error kinit: krb5_get_init_creds: unable to reach any KDC in realm ellisonslegal.com any ideas??? -----Original Message----- From: samba-bounces+pw=ellisonslegal.com@lists.samba.org [mailto: samba-bounces+pw=ellisonslegal.com@lists.samba.org]On Behalf Of Dimitri Yioulos Sent: 08 April 2005 13:30 To: samba@lists.samba....

...he ccache files only report usage of ?arcfour-hmac-md5“. > > Trying to remove non-aes keys from keytab, or limiting supported types will result in an error like this: > > # kinit -e aes256-cts-hmac-sha1-96 Administrator > Administrator at S4DOM.TEST's Password: > kinit: krb5_get_init_creds: KDC has no support for encryption type > > # kinit -e arcfour-hmac-md5 Administrator > Administrator at S4DOM.TEST's Password: > ⇒ Succeeds, with arcfour ticket > > This looks like the samba 4 DC does not offer AES encryption types at all. > > So I tried to raise the...

...as a standalone host, on a > network isolated from the Production Server (PS). > The DR's /var/db/samba4 directory, which contains the private > directory, was then renamed and replaced with the PS' /var/db/samba4 > backup. kinit now fails on the DR with: > > kinit: krb5_get_init_creds: unable to reach any KDC in realm > PRODUCTION > > Will samba_dnsupdate --verbose resolve this situation? > Is there a way for the DR host to seize the KDC? > What is the correct procedure to provision and clone a DR host from a > backup? The correct procedure is https://wi...

...a >> network isolated from the Production Server (PS). >> The DR's /var/db/samba4 directory, which contains the private >> directory, was then renamed and replaced with the PS' /var/db/samba4 >> backup. kinit now fails on the DR with: >> >> kinit: krb5_get_init_creds: unable to reach any KDC in realm >> PRODUCTION >> >> Will samba_dnsupdate --verbose resolve this situation? >> Is there a way for the DR host to seize the KDC? >> What is the correct procedure to provision and clone a DR host from a >> backup? > > The...

After installing 6.4-RELEASE on my secondary KDC I decided to test the secondary KDC. When trying kinit I get this error: jcw@w17 ~ $ kinit jcw@STRADAMOTORSPORTS.COM's Password: kinit: krb5_get_init_creds: Key size is incompatible with encryption type One post on the net says that Heimdal changed the key format to add some padding or somesuch. I haven't gone about fixing the problem yet so maybe that post is not applicable to FreeBSD. Just the same I thought I would let folks know that the...

...;realm' keyword in the smb.conf file. It seems to be okay with security = ads, but that doesn't do much good if it can't determine the realm. ;) Also, I'm running into the same udp-too-big error, and the above fix using /etc/krb5.conf does not work. I end up with: kinit: krb5_get_init_creds: unable to reach any KDC in realm {MY.REALM} I'm pulling down the latest heimdal now, but I had to do a trick to get even 0.6.3 to compile -- I had to close permissions to /usr/include/gssapi (otherwise it complained about duplicate definitions of stuff). I tried using MIT's kerberos...

...iction has been enforced" and a Debian Stretch client responds "You are not allowed to logon from this workstation". The Samba DC will provide a non-forwardable TGT, if you ask for it with kinit -F command from the Linux client. Issuing the command kinit -f will again fail with "krb5_get_init_creds: Ticket may not be forwardable". > > Investigation with Wireshark showed that after receiving an AS-REQ for a TGT with the forwardable flag set, the Samba 4.5.12 DC responds a KRB5KDC_ERR_POLICY with e-text "Ticket may not be forwardabale" (same as kinit -f). This behavior is...

...linux:~ # wbinfo --sequence LAC : DISCONNECTED EU : DISCONNECTED AP : DISCONNECTED UIS : 19895750 TRIMBLRDLINUX : 1 BUILTIN : 1 NA : 15410431 If I try a kinit, here is the output: linux:~ # kinit inblr-auth1@eu.uis.unisys.com inblr-auth1@eu.uis.unisys.com's Password: kinit: krb5_get_init_creds: unable to reach any KDC in realm eu.uis.unisys.com When I look at the logs for this domain, I see the following. Notice that it is correctly identifying a domain controller in that domain, but starts failing after that. [2006/02/22 15:12:51, 10] libsmb/namequery.c:internal_resolve_name(11...