Authentication failed with a reason ... help
Ste
ste at i.net.it
Fri Dec 21 05:57:07 EST 2007
Hello,
I'm trying to debug from many days a problem without success. Simply
I've a DC running Windows 2003 Std R2 SP2 acting as kdc and I've to
authentication from a Linux client.
On Domain controller I've created a user (username blathapp ), flagged
the "Use DES Encryptation".
Setup SPN:
setspn -A blauthapp/app1 blauthapp
Exported keytab
ktpass -out blauthapp.keytab -princ blauthapp at INET.LOCAL -mapuser
blauthapp at INET.LOCAL +rndPass -minPass 33 -ptype KRB5_NT_PRINCIPAL
-crypto DES-CBC-MD5
keytab is created, zipped, and copied on Linux client. Unzipped. Check
md5 and CRC.
Now run:
[root at itsm-bl1 ~]# kinit -k -t /tmp/blauthapp.keytab
blauthapp/app1 at INET.LOCAL
kinit(v5): Preauthentication failed while getting initial credentials
/etc/krb5.conf looks like as
[root at itsm-bl1 ~]# cat /etc/krb5.conf
[libdefaults]
ticket_lifetime = 6000
default_realm = INET.LOCAL
default_tkt_enctypes = des-cbc-md5
default_tgs_enctypes = dec-cbc-md5
[realms]
INET.LOCAL = {
kdc = addc-mi02.INET.LOCAL:88
}
[domain_realm]
.inet.local = INET.LOCAL
inet.local = INET.LOCAL
Clocked are syncronized. Windows KDC reports:
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 675
Date: 21/12/2007
Time: 11.50.45
User: NT AUTHORITY\SYSTEM
Computer: ADDC-MI02
Description:
Pre-authentication failed:
User Name: blauthapp
User ID: INET\blauthapp
Service Name: krbtgt/INET.LOCAL
Pre-Authentication Type: 0x2
Failure Code: 0x18
Client Address: CLIENTIPADDR
All seems to be related to a passwortd...but whicih password?
ktpass.exe is version: 5.2.3790.1830
ktutil said me:
ktutil: rkt /tmp/blauthapp.keytab
ktutil: l
slot KVNO Principal
---- ----
---------------------------------------------------------------------
1 2 blauthapp/app1 at INET.LOCAL
Any hints?
Thanks
Stefano
More information about the Kerberos
mailing list