[36454] in Kerberos
Re: Strange behaviour of kinit
daemon@ATHENA.MIT.EDU (Dr. Lars Hanke)
Fri Sep 12 14:55:10 2014
Message-ID: <54133E49.8030903@lhanke.de>
Date: Fri, 12 Sep 2014 20:41:13 +0200
From: "Dr. Lars Hanke" <lars@lhanke.de>
MIME-Version: 1.0
To: kerberos@mit.edu
In-Reply-To: <1410542146.3694.0.camel@hh16.hh3.site>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Am 12.09.2014 19:15, schrieb steve:
> On Fri, 2014-09-12 at 18:59 +0200, Lars Hanke wrote:
>> I'm currently migrating from a MIT Kerberos + LDAP infrastructure to a
>> samba4 design. I set up test clients, which can connect to either
>> server. This works well for one client (debian wheezy amd64), but it
>> fails for another client (debian wheezy i386). They have the same krb5.conf.
>>
>> While both clients can authenticate to the old MIT server, the i386
>> client fails to get a ticket from the samba4 system:
>>
>> ~# kinit Administrator@AD.MICROSULT.DE
>> Password for Administrator@AD.MICROSULT.DE:
>> kinit: Generic preauthentication failure while getting initial credentials
>>
>> Again using the same command and password on the amd64 system works fine.
>>
>> Is there any more configuration than krb5.conf, which plays a role?
>
> Is the 32 bit box joined to the domain? What does klist -k give on the
> 32 bit box?
Neither machine is joined to the domain. klist -k reports that no keytab
file is present on the 32 bit machine. The 64 bit machine has keys from
the old Kerberos infrastructure, none from the samba4 system.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
