search for: krb5kdc

...keytab_name = /etc/krb5.keytab allow_weak_crypto = true [realms] BIURO.domain = { kdc = pdc.biuro.domain admin_server = pdc.biuro.domain } this is what kerberos throws in auth.log when I try to log in with a win2008 client: Apr 23 09:17:38 pdc kadmind[610]: closing down fd 31 Apr 23 09:17:55 pdc krb5kdc[643]: AS_REQ (6 etypes {18 17 23 24 -135 3}) 192.168.0.139: CLIENT_NOT_FOUND: qubix at GPMV for krbtgt/GPMV at GPMV, Client not found in Kerberos database Apr 23 09:17:55 pdc krb5kdc[643]: closing down fd 15 Apr 23 09:17:56 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24 -135}) 192.168.0.139: PROC...

...s driving bonkers. A couple of weeks ago I started working on implementing Kerberos. I got as far as getting the primary/master KDC running on our CentOS development system before I got dragged off to work on something a little more pressing. I finally got back to it this week only to find that the krb5kdc service now fails to start. A check of the log files shows it has been working right up until the system was rebooted Sunday night. The reboot itself was not the problem as there had been previous reboots after which krb5kdc was able to restart. Here are the log entries for that latest retry: J...

...t at samba.org>: > On Sun, 2017-04-23 at 09:39 +0200, Jakub Kulesza via samba wrote: > > this is what kerberos throws in auth.log when I try to log in with a > > win2008 client: > > > > Apr 23 09:17:38 pdc kadmind[610]: closing down fd 31 > > Apr 23 09:17:55 pdc krb5kdc[643]: AS_REQ (6 etypes {18 17 23 24 -135 > > 3}) > > 192.168.0.139: CLIENT_NOT_FOUND: qubix at GPMV for krbtgt/GPMV at GPMV, > > Client > > not found in Kerberos database > > Apr 23 09:17:55 pdc krb5kdc[643]: closing down fd 15 > > Apr 23 09:17:56 pdc krb5kdc[643...

...o winbind enum groups = yes winbind enum users = yes [netlogon] path = /var/local/samba/var/lib/samba/netlogon #path = /var/lib/samba/sysvol/biuro.domain/scripts read only = No guest ok = yes The result - the same. logging on a win2008 with user jkadmin gives the following: Apr 23 11:37:36 pdc krb5kdc[656]: AS_REQ (6 etypes {18 17 23 24 -135 3}) 192.168.0.139: CLIENT_NOT_FOUND: jkadmin at biuro.domain.pl for krbtgt/ biuro.domain.pl at biuro.domain.pl, Client not found in Kerberos database Apr 23 11:37:36 pdc krb5kdc[656]: closing down fd 15 Apr 23 11:37:36 pdc krb5kdc[656]: DISPATCH: repeated (r...

...mba/sysvol/biuro.domain/scripts Put netlogon back into sysvol and what happened to the 'sysvol' share ? > read only = No guest ok = yes <-- remove this > > The result - the same. logging on a win2008 with user jkadmin gives > the following: > > Apr 23 11:37:36 pdc krb5kdc[656]: AS_REQ (6 etypes {18 17 23 24 -135 > 3}) 192.168.0.139: CLIENT_NOT_FOUND: jkadmin at biuro.domain.pl for > krbtgt/ biuro.domain.pl at biuro.domain.pl, Client not found in Kerberos > database Apr 23 11:37:36 pdc krb5kdc[656]: closing down fd 15 > Apr 23 11:37:36 pdc krb5kdc[656]: D...

Hello, if starting /etc/init.d/krb5kdc, kerberos binds to eth1 and the *current* ip of ppp0. # netstat -nap | grep :750\\b udp 0 0 91.9.220.166:750 0.0.0.0:* 3180/krb5kdc udp 0 0 192.168.0.1:750 0.0.0.0:* 3180/krb5kdc # netstat -...

On Sun, 2017-04-23 at 09:39 +0200, Jakub Kulesza via samba wrote: > this is what kerberos throws in auth.log when I try to log in with a > win2008 client: > > Apr 23 09:17:38 pdc kadmind[610]: closing down fd 31 > Apr 23 09:17:55 pdc krb5kdc[643]: AS_REQ (6 etypes {18 17 23 24 -135 > 3}) > 192.168.0.139: CLIENT_NOT_FOUND: qubix at GPMV for krbtgt/GPMV at GPMV, > Client > not found in Kerberos database > Apr 23 09:17:55 pdc krb5kdc[643]: closing down fd 15 > Apr 23 09:17:56 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23...

...ight Andrew Tridgell and the Samba Team 1992-2018 [2018/07/03 09:53:35.314221, 0] ../source4/smbd/server.c:638(binary_smbd_main) binary_smbd_main: samba: using 'standard' process model [2018/07/03 09:53:37.069464, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) /usr/sbin/krb5kdc: krb5kdc: starting... # cat /var/log/samba/log.samba (log level = 3) [2018/07/03 13:08:54.701296, 3] ../lib/ldb-samba/ldb_wrap.c:326(ldb_wrap_connect) ldb_wrap open of secrets.ldb [2018/07/03 13:08:56.158460, 3] ../libcli/auth/schannel_state_tdb.c:362(schannel_store_challenge_tdb) schan...

...segments without issue. I'm having problems starting Kerberos, specifically, 'krb5-kdc' and 'krb5-admin-server' It appears it cannot identify the realm/domain It appears Samba is not identifying itself. adam at sogo:~$ sudo service krb5-kdc start * Starting Kerberos KDC krb5kdc krb5kdc: Configuration file does not specify default realm, attempting to retrieve default realm adam at sogo:~$ sudo service krb5-admin-server start * Starting Kerberos administrative servers kadmind kadmind: Configuration file does not specify default realm while initializing, aborting I...

...SJC * Does this ticket look ok? the krbtgt record looks a little odd to me. I figure I should get ADMIN/chris, and I cannot see any entries for STAFF realm left over. I kdestroyed the ticket and recreated it, but no luck kdc.conf [kdcdefaults] kdc_ports = 88 acl_file = /etc/kerberos/krb5kdc/kadm5.acl dict_file = /usr/share/dict/words admin_keytab = /etc/kerberos/krb5kdc/kadm5.keytab [realms] ADMIN.SJC = { master_key_type = des3-cbc-sha1 supported_enctypes = des3-cbc-sha1:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3 profile = /etc/krb5.conf database_name...

...a so old Samba Version, yes today i have download 4.12 the source Was quick compiled and installed, nice. I fighting with Kerberos..... or will this running when AD are up and running? root at AD:/# cat /etc/krb5.conf [logging] Default = FILE:/var/log/krb5.log kdc = FILE:/var/log/krb5Kdc.log admin_server = FILE:/var/log/krb5adm.log [libdefaults] default_realm = CALORO.M [realms] CALORO.M = { kdc = ad.caloro.m:88 admin_server = ad.caloro.m:749 default_domain = caloro.m } [domain_realm] .caloro.m = CALORO.M caloro.m = CALORO....

...)" The Mac has a local IP address of 192.168.0.107, and its hostname is set to potterbook. On the Mac, no log entries at all occur to indicate what this might be. On the Linux machine, the only logs that seem to get written are in /var/log/samba/mit_kdc.log: "Jul 27 23:53:09 pathfinder krb5kdc[6597](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.0.107: NEEDED_PREAUTH: Administrator at POTTERNET.LAN for krbtgt/POTTERNET.LAN at POTTERNET.LAN, Additional pre-authentication required Jul 27 23:53:09 pathfinder krb5kdc[6597](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.0.107: ISSUE: authtime...

...passwd: compat winbind group: compat winbind shadow: compat hosts: files dns wins networks: files dns protocols: db files services: db files ethers: db files rpc: db files kdc.conf [kdcdefaults] kdc_ports = 88,750 [realms] EXAMPLE.COM = { database_name = /etc/krb5kdc/principal admin_keytab = /etc/krb5kdc/kadm5.keytab acl_file = /etc/krb5kdc/kadm5.acl dict_file = /etc/krb5kdc/kadm5.dict key_stash_file = /etc/krb5kdc/.k5.EXAMPLE.COM kadmind_port = 749 max_life = 10h 0m 0s max_renewable_life = 7d 0h 0m 0s...

...opyright Andrew Tridgell and the Samba Team 1992-2018 [2018/10/16 18:29:56.934115, 0] ../source4/smbd/server.c:638(binary_smbd_main) binary_smbd_main: samba: using 'standard' process model [2018/10/16 18:29:57.251109, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) /usr/sbin/krb5kdc: krb5kdc: starting... named log: 16-Oct-2018 18:29:53.526 general: info: managed-keys-zone: loaded serial 0 16-Oct-2018 18:29:53.538 general: info: zone localhost/IN: loaded serial 0 16-Oct-2018 18:29:53.539 general: info: zone virtual/IN: loaded serial 0 16-Oct-2018 18:29:53.539 general: info: zo...

The client can not access the Windows Share after authorization on samba DC samba_dc_server: samba 4.7.6 krb5-libs 1.15.2-7 windows client: windows7 windows_file_server: windows server 2008 /var/log/samba/mit_kdc.log мар 22 15:43:49 samba_dc_server krb5kdc[17891](info): commencing operation мар 22 15:43:56 samba_dc_server krb5kdc[17891](info): AS_REQ (6 etypes {18 17 23 24 -135 3}) 10.2.1.12: NEEDED_PREAUTH: vas.lah at example.ru for krbtgt/example .ru at example.ru, Additional pre-authentication required мар 22 15:43:56 samba_dc_server krb5kdc[17891...

....SJC * Does this ticket look ok? the krbtgt record looks a little odd to me. I figure I should get ADMIN/chris, and I cannot see any entries for STAFF realm left over. I kdestroyed the ticket and recreated it, but no luck kdc.conf [kdcdefaults] kdc_ports = 88 acl_file = /etc/kerberos/krb5kdc/kadm5.acl dict_file = /usr/share/dict/words admin_keytab = /etc/kerberos/krb5kdc/kadm5.keytab [realms] ADMIN.SJC = { master_key_type = des3-cbc-sha1 supported_enctypes = des3-cbc-sha1:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3 profile = /etc/krb5.conf database_name = /et...

Hello together Installing a new Samba AD on me new installed Debian 10. root at AD:/home/maurizio# /usr/sbin/smbd -V Version 4.9.5-Debian But DNS_Update will by fail: [2020/03/22 13:26:02.266719, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) /usr/sbin/samba_dnsupdate: ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS') [2020/03/22

...e Here is a copy of the krb5.conf file: [libdefaults] ticket_lifetime = 600 default_realm = BROOKS.COM kdc_req_checksum_type = 2 checksum_type = 2 ccache_type = 1 default_tkt_enctypes = des-cbc-crc default_tgs_enctypes = des-cbc-crc [kdc] profile = /usr/local/var/krb5kdc/kdc.conf [logging] kdc = FILE:/usr/local/var/krb5kdc/kdc.log <FILE:/usr/local/var/krb5kdc/kdc.log> admin_server = FILE:/usr/local/var/krb5kdc/adm.log <FILE:/usr/local/var/krb5kdc/adm.log> default = FILE:/usr/local/var/krb5kdc/log.log <FILE:/usr/local/var/krb5kdc/log.lo...

...dns,dhcp,kerberos,kpasswd,ldap,ldaps,ntp} 183 firewall-cmd --permanent --add-port={135/tcp,137-138/udp,139/tcp,3268-3269/tcp,49152-65535/tcp} 184 firewall-cmd --reload Then now the port open are that[1] The system is a Fedora 30 Server with default samba out of the box. Then yes, it's a krb5kdc (mit_kdc). I hope this is not a problem for this ml, otherwise let me know where I can post my question. I have look into mit_kdc.log and I have see this recurred lament, (that I don't know what it means and whether it is important or not): set 02 11:54:36 s-addc.studiomosca.net krb5kdc[6764]...

Hi, The following problem: [root]#kinit administrator kinit: Cannot contact any KDC for realm 'DC-STATIC.LUUFORPROS.COM' while getting initial credentials A restart of samba.service finally starts krb5kdc: [root]#systemctrl restart samba [root]# ps axf |grep krb 1249 pts/0 S+ 0:00 \_ grep --color=auto krb 1212 ? S 0:00 | \_ /usr/sbin/krb5kdc -n and now: [root at feddc ~]# kinit administrator Password for administrator at DC-STATIC.LUUFORPROS.COM: [root at...