Hallo,
Ich habe folgendes Problem wenn ich auf der Shell ein
309015sa:/var/lib/samba # kinit Sidln@DOMAIN.LOCAL
Password for Sidln@DOMAIN.LOCAL:kennwort
Exception: krb_error 24 Pre-authentication information was invalid (24) Pre-authentication information was invalid
KrbException: Pre-authentication information was invalid (24)
at sun.security.krb5.KrbAsRep.<init>(DashoA12275:67)
at sun.security.krb5.KrbAsReq.getReply(DashoA12275:315)
at sun.security.krb5.KrbAsReq.getReply(DashoA12275:276)
at sun.security.krb5.internal.tools.Kinit.<init>(DashoA12275:271)
at sun.security.krb5.internal.tools.Kinit.main(DashoA12275:109)
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.ah.a(DashoA12275:134)
at sun.security.krb5.internal.av.a(DashoA12275:63)
at sun.security.krb5.internal.av.<init>(DashoA12275:58)
at sun.security.krb5.KrbAsRep.<init>(DashoA12275:53)
... 4 more
meine /etc/krb5.conf
[libdefaults]
ticket_lifetime = 24000
default_realm = DOMAIN.LOCAL
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
clockskew = 300
[realms]
DOMAIN.LOCAL = {
kdc = PDC.DOMAIN.LOCAL
admin_server = PDC.DOMAIN.LOCAL
default_domain = DOMAIN.LOCAL
}
[domain_realm]
.domain.local = DOMAIN.LOCAL
domain.local = DOMAIN.LOCAL
[logging]
default = FILE:/var/log/krb5/krb5libs.log
kdc = FILE:/var/log/krb5/kdc.log
kadmind = FILE:/var/log/krb5/kadmind.log
meine smb.conf
security = ads
netbios name = 309015SA
realm = security = ads
netbios name = 309015SA
realm = DOMAIN.LOCAL
password server = pdc.domain.local
workgroup = DOMAIN
idmap uid = 500-10000000
idmap gid = 500-10000000
winbind separator = +
winbind enum users = no
winbind enum groups = no
winbind use default domain = yes
template homedir = /daten/home/winnt/%D/%U
template shell = /bin/bash
client use spnego = yes
domain master = no
Hat von euch wer eine IDEE was ich hier falsch gemacht habe ????
Mit dem Benutzer Sidln kann ich Wkst in die Domain aufnehmen er ist aber kein Domain Admin !!!!!
Laut angeben der IT Firma müsste das reichen ich bin mir aber nicht sicher bitte um HILFE !!!!!
Mfg
M@x
Ich habe folgendes Problem wenn ich auf der Shell ein
309015sa:/var/lib/samba # kinit Sidln@DOMAIN.LOCAL
Password for Sidln@DOMAIN.LOCAL:kennwort
Exception: krb_error 24 Pre-authentication information was invalid (24) Pre-authentication information was invalid
KrbException: Pre-authentication information was invalid (24)
at sun.security.krb5.KrbAsRep.<init>(DashoA12275:67)
at sun.security.krb5.KrbAsReq.getReply(DashoA12275:315)
at sun.security.krb5.KrbAsReq.getReply(DashoA12275:276)
at sun.security.krb5.internal.tools.Kinit.<init>(DashoA12275:271)
at sun.security.krb5.internal.tools.Kinit.main(DashoA12275:109)
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.ah.a(DashoA12275:134)
at sun.security.krb5.internal.av.a(DashoA12275:63)
at sun.security.krb5.internal.av.<init>(DashoA12275:58)
at sun.security.krb5.KrbAsRep.<init>(DashoA12275:53)
... 4 more
meine /etc/krb5.conf
[libdefaults]
ticket_lifetime = 24000
default_realm = DOMAIN.LOCAL
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
clockskew = 300
[realms]
DOMAIN.LOCAL = {
kdc = PDC.DOMAIN.LOCAL
admin_server = PDC.DOMAIN.LOCAL
default_domain = DOMAIN.LOCAL
}
[domain_realm]
.domain.local = DOMAIN.LOCAL
domain.local = DOMAIN.LOCAL
[logging]
default = FILE:/var/log/krb5/krb5libs.log
kdc = FILE:/var/log/krb5/kdc.log
kadmind = FILE:/var/log/krb5/kadmind.log
meine smb.conf
security = ads
netbios name = 309015SA
realm = security = ads
netbios name = 309015SA
realm = DOMAIN.LOCAL
password server = pdc.domain.local
workgroup = DOMAIN
idmap uid = 500-10000000
idmap gid = 500-10000000
winbind separator = +
winbind enum users = no
winbind enum groups = no
winbind use default domain = yes
template homedir = /daten/home/winnt/%D/%U
template shell = /bin/bash
client use spnego = yes
domain master = no
Hat von euch wer eine IDEE was ich hier falsch gemacht habe ????
Mit dem Benutzer Sidln kann ich Wkst in die Domain aufnehmen er ist aber kein Domain Admin !!!!!
Laut angeben der IT Firma müsste das reichen ich bin mir aber nicht sicher bitte um HILFE !!!!!
Mfg
M@x
