[Wapt] kerberos error - Preauthentication failed

Elias Pereira empbilly at gmail.com
Tue Dec 4 15:16:40 CET 2018


I re-configured auth from my clients via kerberos. Some machines are not
being recognized and the server log shows the following:

Code: Select all <https://forum.tranquil.it/viewtopic.php?f=13&t=1533#>

Nov  8 11:33:26 wapt winbindd[6145]: [2018/11/08 11:33:26.387247,  0]
Nov  8 11:33:26 wapt winbindd[6145]:   Kinit for WAPT$@... to access
cifs/dc4.... at ... failed: Preauthentication failed


Installed version of WAPT:
Server OS: Linux Debian 9.6
OS of the administration machine/creation of packages: Windows 7

I made the configuration following the tutorial:
... ebian.html

Before executing the commands below the server was part of the domain, but
after executing the commands,

Code: Select all <https://forum.tranquil.it/viewtopic.php?f=13&t=1533#>

sudo msktutil --server DOMAIN_CONTROLER --precreate --host $(hostname)
-b cn=computers --service HTTP --description "host account for wapt
server" --enctypes 24 -N
sudo msktutil --server DOMAIN_CONTROLER --auto-update --keytab
/etc/nginx/http-krb5.keytab --host $(hostname) -N

it appears that the wapt server is removed from the domain.

root at wapt:/etc/samba# net ads testjoin
kerberos_kinit_password WAPT$@... failed: Preauthentication failed
ads_connect: No logon servers are currently available to service the logon
Join to domain is not valid: No logon servers are currently available to
service the logon request.

but the host is successfully registered.

c:\>psexec.exe /accepteula -s wapt-get register

PsExec v2.2 - Execute processes remotely
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

Host correctly registered against server https://wapt....

Is this normal after configuring authentication via kerberos?

Elias Pereira
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tranquil.it/pipermail/wapt/attachments/20181204/1e1ed3f5/attachment.html>

More information about the WAPT mailing list