Authentication failed with a reason ... help

Ste ste at i.net.it
Fri Dec 21 05:57:07 EST 2007


Hello,

I'm trying to debug from many days a problem without success. Simply 
I've a DC running Windows 2003 Std R2 SP2 acting as kdc and I've to 
authentication from a Linux client.

On Domain controller I've created a user  (username blathapp ), flagged 
the "Use DES Encryptation".

Setup SPN:

setspn -A blauthapp/app1 blauthapp

Exported keytab

ktpass -out blauthapp.keytab -princ blauthapp at INET.LOCAL -mapuser 
blauthapp at INET.LOCAL +rndPass -minPass 33 -ptype KRB5_NT_PRINCIPAL 
-crypto DES-CBC-MD5

keytab is created, zipped, and copied on Linux client. Unzipped. Check 
md5 and CRC.

Now run:
[root at itsm-bl1 ~]# kinit -k -t /tmp/blauthapp.keytab 
blauthapp/app1 at INET.LOCAL
kinit(v5): Preauthentication failed while getting initial credentials


/etc/krb5.conf looks like as
[root at itsm-bl1 ~]# cat /etc/krb5.conf
[libdefaults]
ticket_lifetime = 6000
default_realm = INET.LOCAL
default_tkt_enctypes = des-cbc-md5
default_tgs_enctypes = dec-cbc-md5

[realms]
INET.LOCAL = {
         kdc = addc-mi02.INET.LOCAL:88
}

[domain_realm]
.inet.local = INET.LOCAL
inet.local = INET.LOCAL

Clocked are syncronized. Windows KDC reports:

Event Type:	Failure Audit
Event Source:	Security
Event Category:	Account Logon
Event ID:	675
Date:		21/12/2007
Time:		11.50.45
User:		NT AUTHORITY\SYSTEM
Computer:	ADDC-MI02
Description:
Pre-authentication failed:
  	User Name:	blauthapp
  	User ID:		INET\blauthapp
  	Service Name:	krbtgt/INET.LOCAL
  	Pre-Authentication Type:	0x2
  	Failure Code:	0x18
  	Client Address:	CLIENTIPADDR

All seems to be related to a passwortd...but whicih password?
ktpass.exe is version: 5.2.3790.1830

ktutil said me:

ktutil:  rkt /tmp/blauthapp.keytab
ktutil:  l
slot KVNO Principal
---- ---- 
---------------------------------------------------------------------
    1    2                blauthapp/app1 at INET.LOCAL



Any hints?
Thanks
Stefano



More information about the Kerberos mailing list