Hello,
I re-configured auth from my clients via kerberos. Some machines are not being recognized and the server log shows the following:
Code: Select all https://forum.tranquil.it/viewtopic.php?f=13&t=1533#
Nov 8 11:33:26 wapt winbindd[6145]: [2018/11/08 11:33:26.387247, 0] ../source3/libsmb/cliconnect.c:1895(cli_session_setup_spnego_send) Nov 8 11:33:26 wapt winbindd[6145]: Kinit for WAPT$@... to access cifs/dc4....@... failed: Preauthentication failed
Configs:
Installed version of WAPT: 1.6.2.7 Server OS: Linux Debian 9.6 OS of the administration machine/creation of packages: Windows 7
I made the configuration following the tutorial: https://www.wapt.fr/fr/doc/Installation ... ebian.html https://www.wapt.fr/fr/doc/Installation/debian/install_kerberos_debian.html
Before executing the commands below the server was part of the domain, but after executing the commands,
Code: Select all https://forum.tranquil.it/viewtopic.php?f=13&t=1533#
sudo msktutil --server DOMAIN_CONTROLER --precreate --host $(hostname) -b cn=computers --service HTTP --description "host account for wapt server" --enctypes 24 -N sudo msktutil --server DOMAIN_CONTROLER --auto-update --keytab /etc/nginx/http-krb5.keytab --host $(hostname) -N
it appears that the wapt server is removed from the domain.
root@wapt:/etc/samba# net ads testjoin kerberos_kinit_password WAPT$@... failed: Preauthentication failed ads_connect: No logon servers are currently available to service the logon request. Join to domain is not valid: No logon servers are currently available to service the logon request.
but the host is successfully registered.
c:>psexec.exe /accepteula -s wapt-get register
PsExec v2.2 - Execute processes remotely Copyright (C) 2001-2016 Mark Russinovich Sysinternals - www.sysinternals.com
Host correctly registered against server https://wapt....
Is this normal after configuring authentication via kerberos?