Strange behaviour of kinit
Dr. Lars Hanke
lars at lhanke.de
Fri Sep 12 14:41:13 EDT 2014
Am 12.09.2014 19:15, schrieb steve:
> On Fri, 2014-09-12 at 18:59 +0200, Lars Hanke wrote:
>> I'm currently migrating from a MIT Kerberos + LDAP infrastructure to a
>> samba4 design. I set up test clients, which can connect to either
>> server. This works well for one client (debian wheezy amd64), but it
>> fails for another client (debian wheezy i386). They have the same krb5.conf.
>>
>> While both clients can authenticate to the old MIT server, the i386
>> client fails to get a ticket from the samba4 system:
>>
>> ~# kinit Administrator at AD.MICROSULT.DE
>> Password for Administrator at AD.MICROSULT.DE:
>> kinit: Generic preauthentication failure while getting initial credentials
>>
>> Again using the same command and password on the amd64 system works fine.
>>
>> Is there any more configuration than krb5.conf, which plays a role?
>
> Is the 32 bit box joined to the domain? What does klist -k give on the
> 32 bit box?
Neither machine is joined to the domain. klist -k reports that no keytab
file is present on the 32 bit machine. The 64 bit machine has keys from
the old Kerberos infrastructure, none from the samba4 system.
More information about the Kerberos
mailing list