[28923] in Kerberos
Authentication failed with a reason ... help
daemon@ATHENA.MIT.EDU (Ste)
Fri Dec 21 06:00:16 2007
From: Ste <ste@i.net.it>
Date: Fri, 21 Dec 2007 11:57:07 +0100
Message-ID: <5t1kg8F1bbklgU1@mid.individual.net>
Mime-Version: 1.0
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hello,
I'm trying to debug from many days a problem without success. Simply
I've a DC running Windows 2003 Std R2 SP2 acting as kdc and I've to
authentication from a Linux client.
On Domain controller I've created a user (username blathapp ), flagged
the "Use DES Encryptation".
Setup SPN:
setspn -A blauthapp/app1 blauthapp
Exported keytab
ktpass -out blauthapp.keytab -princ blauthapp@INET.LOCAL -mapuser
blauthapp@INET.LOCAL +rndPass -minPass 33 -ptype KRB5_NT_PRINCIPAL
-crypto DES-CBC-MD5
keytab is created, zipped, and copied on Linux client. Unzipped. Check
md5 and CRC.
Now run:
[root@itsm-bl1 ~]# kinit -k -t /tmp/blauthapp.keytab
blauthapp/app1@INET.LOCAL
kinit(v5): Preauthentication failed while getting initial credentials
/etc/krb5.conf looks like as
[root@itsm-bl1 ~]# cat /etc/krb5.conf
[libdefaults]
ticket_lifetime = 6000
default_realm = INET.LOCAL
default_tkt_enctypes = des-cbc-md5
default_tgs_enctypes = dec-cbc-md5
[realms]
INET.LOCAL = {
kdc = addc-mi02.INET.LOCAL:88
}
[domain_realm]
.inet.local = INET.LOCAL
inet.local = INET.LOCAL
Clocked are syncronized. Windows KDC reports:
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 675
Date: 21/12/2007
Time: 11.50.45
User: NT AUTHORITY\SYSTEM
Computer: ADDC-MI02
Description:
Pre-authentication failed:
User Name: blauthapp
User ID: INET\blauthapp
Service Name: krbtgt/INET.LOCAL
Pre-Authentication Type: 0x2
Failure Code: 0x18
Client Address: CLIENTIPADDR
All seems to be related to a passwortd...but whicih password?
ktpass.exe is version: 5.2.3790.1830
ktutil said me:
ktutil: rkt /tmp/blauthapp.keytab
ktutil: l
slot KVNO Principal
---- ----
---------------------------------------------------------------------
1 2 blauthapp/app1@INET.LOCAL
Any hints?
Thanks
Stefano
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
