Strange behaviour of kinit

steve steve at steve-ss.com
Fri Sep 12 15:14:22 EDT 2014


On Fri, 2014-09-12 at 20:41 +0200, Dr. Lars Hanke wrote:
> Am 12.09.2014 19:15, schrieb steve:
> > On Fri, 2014-09-12 at 18:59 +0200, Lars Hanke wrote:
> >> I'm currently migrating from a MIT Kerberos + LDAP infrastructure to a
> >> samba4 design. I set up test clients, which can connect to either
> >> server. This works well for one client (debian wheezy amd64), but it
> >> fails for another client (debian wheezy i386). They have the same krb5.conf.
> >>
> >> While both clients can authenticate to the old MIT server, the i386
> >> client fails to get a ticket from the samba4 system:
> >>
> >> ~# kinit Administrator at AD.MICROSULT.DE
> >> Password for Administrator at AD.MICROSULT.DE:
> >> kinit: Generic preauthentication failure while getting initial credentials
> >>
> >> Again using the same command and password on the amd64 system works fine.
> >>
> >> Is there any more configuration than krb5.conf, which plays a role?
> >
> > Is the 32 bit box joined to the domain? What does klist -k give on the
> > 32 bit box?
> 
> Neither machine is joined to the domain. klist -k reports that no keytab 
> file is present on the 32 bit machine. The 64 bit machine has keys from 
> the old Kerberos infrastructure, none from the samba4 system.

DNS? Is the 386 client pointing _only_ at the Samba4 DC?
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos




More information about the Kerberos mailing list