[Wapt] kerberos error - Preauthentication failed

Elias Pereira empbilly at gmail.com
Tue Dec 4 15:16:40 CET 2018 

Hello,

I re-configured auth from my clients via kerberos. Some machines are not
being recognized and the server log shows the following:

Code: Select all <https://forum.tranquil.it/viewtopic.php?f=13&t=1533#>

Nov  8 11:33:26 wapt winbindd[6145]: [2018/11/08 11:33:26.387247,  0]
../source3/libsmb/cliconnect.c:1895(cli_session_setup_spnego_send)
Nov  8 11:33:26 wapt winbindd[6145]:   Kinit for WAPT$@... to access
cifs/dc4.... at ... failed: Preauthentication failed

Configs:

Installed version of WAPT: 1.6.2.7
Server OS: Linux Debian 9.6
OS of the administration machine/creation of packages: Windows 7

I made the configuration following the tutorial:
https://www.wapt.fr/fr/doc/Installation
... ebian.html
<https://www.wapt.fr/fr/doc/Installation/debian/install_kerberos_debian.html>

Before executing the commands below the server was part of the domain, but
after executing the commands,

Code: Select all <https://forum.tranquil.it/viewtopic.php?f=13&t=1533#>

sudo msktutil --server DOMAIN_CONTROLER --precreate --host $(hostname)
-b cn=computers --service HTTP --description "host account for wapt
server" --enctypes 24 -N
sudo msktutil --server DOMAIN_CONTROLER --auto-update --keytab
/etc/nginx/http-krb5.keytab --host $(hostname) -N

it appears that the wapt server is removed from the domain.

root at wapt:/etc/samba# net ads testjoin
kerberos_kinit_password WAPT$@... failed: Preauthentication failed
ads_connect: No logon servers are currently available to service the logon
request.
Join to domain is not valid: No logon servers are currently available to
service the logon request.

but the host is successfully registered.

c:\>psexec.exe /accepteula -s wapt-get register

PsExec v2.2 - Execute processes remotely
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

Host correctly registered against server https://wapt....

Is this normal after configuring authentication via kerberos?

-- 
Elias Pereira
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tranquil.it/pipermail/wapt/attachments/20181204/1e1ed3f5/attachment.html>

More information about the WAPT mailing list