f



kinit: Preauthentication failed while getting initial credentials

Hola, estoy intentando conectarme desde Ubuntu (Kerberos) a un
drectorio activo (Windows 2008) , pero tengo problemas.
Datos Tecnicos:
Dominio: NAME1.NAME2.COM

Mi krb5.conf

default =3D FILE:/var/log/krb5lib.log
[libdefaults]
ticket_lifetime =3D 24000
default_realm =3D NAME1.NAME2.COM

[realms]
NAME1.NAME2.COM =3D {
kdc =3D dcwindows
admin_server =3D dcwindows
default_domain =3D NAME1.NAME2.COM
}
[domain_realm]
..name1.name2.com =3D NAME1.NAME2.COM
name1.name2.com =3D NAME1.NAME2.COM

Cuando intento hacer:
kinit -V Administrador@NAME1.NAME2.COM
e ingreso la contrase=F1a correctamente me arroja:

kinit: Preauthentication failed while getting initial credentials


Todo el problema inicio cuando reinstale el Windows 2008 Nuevamente
desde otro CD, no se si el problema es el Windows o la configuracion
del Kerberos.

Saludos.

0
jodacame (2)
5/19/2011 5:14:10 PM
comp.protocols.kerberos 5541 articles. 1 followers. jwinius (31) is leader. Post Follow

3 Replies
3360 Views

Similar Articles

[PageSpeed] 47

2011/5/19 JODACAME <jodacame@gmail.com>:
> Cuando intento hacer:
> kinit -V Administrador@NAME1.NAME2.COM
> e ingreso la contraseña correctamente me arroja:
>
> kinit: Preauthentication failed while getting initial credentials
>
>
> Todo el problema inicio cuando reinstale el Windows 2008 Nuevamente
> desde otro CD, no se si el problema es el Windows o la configuracion
> del Kerberos.

Acaso re-instalaste y _re-creaste_ el dominio de Active Directory?
Podés re-instalar, pero tenés que recuperar los datos del dominio de
tus backups.

Nico
--

0
nico53 (35)
5/20/2011 5:53:14 AM
Hello. Are you sure that the admin user isn't called administrator and
not admistrador ? Difficult to believe that that the spanish version
of windows rename the building account in spanish, unless you have
done this yourself. Regards

2011/5/19, JODACAME <jodacame@gmail.com>:
> Hola, estoy intentando conectarme desde Ubuntu (Kerberos) a un
> drectorio activo (Windows 2008) , pero tengo problemas.
> Datos Tecnicos:
> Dominio: NAME1.NAME2.COM
>
> Mi krb5.conf
>
> default = FILE:/var/log/krb5lib.log
> [libdefaults]
> ticket_lifetime = 24000
> default_realm = NAME1.NAME2.COM
>
> [realms]
> NAME1.NAME2.COM = {
> kdc = dcwindows
> admin_server = dcwindows
> default_domain = NAME1.NAME2.COM
> }
> [domain_realm]
> .name1.name2.com = NAME1.NAME2.COM
> name1.name2.com = NAME1.NAME2.COM
>
> Cuando intento hacer:
> kinit -V Administrador@NAME1.NAME2.COM
> e ingreso la contrase´┐Ża correctamente me arroja:
>
> kinit: Preauthentication failed while getting initial credentials
>
>
> Todo el problema inicio cuando reinstale el Windows 2008 Nuevamente
> desde otro CD, no se si el problema es el Windows o la configuracion
> del Kerberos.
>
> Saludos.
>
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>

-- 
Inviato dal mio dispositivo mobile

0
5/20/2011 6:02:22 AM
Hi, yes de user is Administrador, windows in spanish rename this account,

I have solved the problem, solution:

I have unistall krb5 =3D>
sudo aptitude remove krb5-kdc krb5-admin-server krb5-user

And install this packages

sudo aptitude install heimdal-kdc heimdal-servers hemdal-servers-x
heimdal-clients heimdal-clients-x heimdal-lib heimdal-libskrb5-config

And all Ok! ...

Ty.

2011/5/20 Elia Pinto <gitter.spiros@gmail.com>

> Hello. Are you sure that the admin user isn't called administrator and
> not admistrador ? Difficult to believe that that the spanish version
> of windows rename the building account in spanish, unless you have
> done this yourself. Regards
>
> 2011/5/19, JODACAME <jodacame@gmail.com>:
> > Hola, estoy intentando conectarme desde Ubuntu (Kerberos) a un
> > drectorio activo (Windows 2008) , pero tengo problemas.
> > Datos Tecnicos:
> > Dominio: NAME1.NAME2.COM
> >
> > Mi krb5.conf
> >
> > default =3D FILE:/var/log/krb5lib.log
> > [libdefaults]
> > ticket_lifetime =3D 24000
> > default_realm =3D NAME1.NAME2.COM
> >
> > [realms]
> > NAME1.NAME2.COM =3D {
> > kdc =3D dcwindows
> > admin_server =3D dcwindows
> > default_domain =3D NAME1.NAME2.COM
> > }
> > [domain_realm]
> > .name1.name2.com =3D NAME1.NAME2.COM
> > name1.name2.com =3D NAME1.NAME2.COM
> >
> > Cuando intento hacer:
> > kinit -V Administrador@NAME1.NAME2.COM
> > e ingreso la contrase=F1a correctamente me arroja:
> >
> > kinit: Preauthentication failed while getting initial credentials
> >
> >
> > Todo el problema inicio cuando reinstale el Windows 2008 Nuevamente
> > desde otro CD, no se si el problema es el Windows o la configuracion
> > del Kerberos.
> >
> > Saludos.
> >
> > ________________________________________________
> > Kerberos mailing list           Kerberos@mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
>
> --
> Inviato dal mio dispositivo mobile
>



--=20
Jose Daniel Canchila Mercado
*Desarrollador Web*
*http://jodacame.com*
-
Key: 56564611118461556451

<http://feeds.feedburner.com/nexxuz>
0
jodacame (2)
5/20/2011 12:52:40 PM
Reply:

Similar Artilces:

kerberos and Windows 2008R2
Hello Kerberos List, I'm trying to set a Kerberos ticket between a Unix and a Windows 2008 R2 se= rver. I've created a user on windows and used the ktpass to generate the Kerberos= keytab: C:\Windows\System32\ktpass princ host/jc1lqaldap.testdomain.com@TESTDOMAIN.= COM mapuser TESTDOMAIN\host_jc1lqaldap -crypto DES-CBC-MD5 -pass * -ptype K= RB5_NT_PRINCIPAL out c:\nis_data\host_jc1lqaldap.keytab I did make sure that "User Kerberos DES encryption types for this account" = was checked. First I was getting: root@jc1lqaldap:/etc# kinit -V -k -t /etc/krb5.keytab -c /tmp/krb5cc_...

kinit: Cannot contact any KDC for requested realm while getting initial credentials
Hi, I am having problems with using kinit, with keytab and username/password. When issuing the kinit command I get the following error: kinit: Cannot contact any KDC for requested realm while getting initial credentials There is a firewall between the webservers where I issue the command from and the domain controller. The webservers are able to connect to the domain controller on port 88 over UDP. The webservers are able to resolve themselves and the domain controller, both forward and reverse lookup. Do any of you guys out there have an idea of what is going wrong? Many thanks, Celia _...

kinit: Key table entry not found while getting initial credentials
Hi Kerberos experts, could anyone help me in addressing this issue since I am a T-O-T-A-L newbie in Kerberos. I have to retrieve kerberos credential in Solaris 5.8 (SEAM 1.0.1) using a windows2003 Active Directory as KDC, and I am compelled to use the credential of a user different from Solaris' user. Let's say I work with user appadm on Solaris and user domuser@resource.corp in AD. AD administrator generated a keytab for my Solaris user in this way: Ktpass -princ kerberos/domuser.resource.corp@RESOURCE.CORP -mapuser domuser -pass [passwd of domuser] -out domuser.keytab and gave ...

kinit: KRB5 error code 52 while getting initial credentials
I'm getting the following error on a Solaris 8 machine: kinit: KRB5 error c= ode 52 while getting initial credentials=20 =20 So far my analysis shows this error to indicate the following: 0x34 - KRB_E= RR_RESPONSE_TOO_BIG - Too much data=20 =20 According to a number of forums, some inheriant limitations exist with the = Solaris 8 version of Kerberos concerning the number of group memberships a = user may have. In my Active Directory, each user is a member of possibly m= any groups. To confirm this, I created a simple user with only membership = to "Domain Users" and was able t...

kinit: Key table entry not found while getting initial credentials #2
Hello newsgroup, We followed the instructions on http://grolmsnet.de/kerbtut/ kinit -k -t /etc/apache2/httpotrskeytab OTRS/ server.test.local@TEST.LOCAL produces the following error: kinit: Key table entry not found while getting initial credentials we are using mit kerberos 1.9.1 on sles10 we created the keytabfile on windows 2008 r2 server with the following command: ktpass -princ OTRS/server.test.local@TEST.LOCAL -mapuser httpotrs@TEST.LOCAL -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -pass secretpassword -out c:\temp\httpotrskeytab we copied the file to the linux server to /etc/ap...

kinit: KRB5 error code 52 while getting initial credentials #2
I'm getting the following error on a Solaris 8 machine: kinit: KRB5 error code 52 while getting initial credentials So far my analysis shows this error to indicate the following: 0x34 - KRB_ERR_RESPONSE_TOO_BIG - Too much data According to a number of forums, some inheriant limitations exist with the Solaris 8 version of Kerberos concerning the number of group memberships a user may have. In my Active Directory, each user is a member of possibly many groups. To confirm this, I created a simple user with only membership to "Domain Users" and was able to run kinit without ...

RE: kinit: KRB5 error code 52 while getting initial credentials
Thanks for the update Will. I'll look into Solaris 10...> Date: Mon, 9 Jul= 2007 15:43:48 -0500> From: William.Fiveash@sun.com> To: rfbass16@hotmail.c= om> CC: kerberos@mit.edu> Subject: Re: kinit: KRB5 error code 52 while gett= ing initial credentials> > On Wed, Jul 04, 2007 at 05:56:56PM +0000, Ron Ba= ss II wrote:> > > > I'm getting the following error on a Solaris 8 machine:= kinit: KRB5> > error code 52 while getting initial credentials > > > > So = far my analysis shows this error to indicate the following: 0x34 -> > KR...

kinit(v5): KRB5 error code 68 while getting initial credentials
I have a huge Problem. Im trying to install a SSO for our Intranet-Webserver (Apache 2.0.55) on a SuSE Linux 10.0. Ist running very fine. But we have some Computers, which are NOT Part of the Active Directory Domain, so there the sso doesnt work. If the paste their Usernames into the Auth-Box (firstname.lastname@persona.de) it doesnt work. But the Useraccount exists in the AD. If they paste the real username (e.g. firstname.lastname@KONZERN.INTERN) it works fine. The problem: The user dont Know his real AD-Name. He knows just hier emailadress (firstname.lastname@persona.de) Anyone a soluti...

RE: kinit: KRB5 error code 52 while getting initial credentials #2
Any chance the Kerberos libs from Solaris 10 can port back to Solaris 8? So= me limitations have arisen such that an upgrade to Solaris 10 is not possi= ble yet. Is there any way to patch the Solaris 8 Kerberos??? =20 Thanks Ron > Date: Wed, 11 Jul 2007 11:42:49 -0500> From: William.Fiveash@sun.com> To:= rfbass16@hotmail.com> CC: William.Fiveash@sun.com; kerberos@mit.edu> Subje= ct: Re: kinit: KRB5 error code 52 while getting initial credentials> > On W= ed, Jul 11, 2007 at 01:10:19AM +0000, Ron Bass II wrote:> > > > Thanks for = the update Will. I'll...

error : kinit(v5) : KRB5 error code 52 while getting initial credentials
Hello all, i am Sunil C. i have a domain named xx.com which has a KDC. i also have a domain co.yy where my server is. there is no KDC in it. users are in xx.com domain. but my servers are in (co.yy) domain. i had set up a test scenario with a user and a server in domain (xx.com). since KDc was setup i got ticket and was able to authenticate well using kerberos. my issue is that all my production servers are in domain (co.yy) which doesnt have a KDC. i want to authenticate and use the server services in that domain. setting up KDC is not feasible in both domains for me. now i have done some...

kinit: Cannot contact any KDC for realm 'EXAMPLE.COM' while getting initial credentials
Hi! I have set up a kerberos server srv.example.com. This server has address 192.168.180.30. Address resolution works fine on the server and client: srv.example.com: # host srv srv.example.com has address 192.168.180.30 # host 192.168.180.30 30.180.168.192.in-addr.arpa domain name pointer srv.example.com. # host client client.example.com has address 192.168.180.6 # host 192.168.180.6 6.180.168.192.in-addr.arpa domain name pointer client.example.com # client.example.com: # host srv srv.example.com has address 192.168.180.30 # host 192.168.180.30 30.180.168.192.in-addr.arpa domain name pointe...

AIX 5.3: kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials
Hi list, kinit (krb5 1.4.2) on an AIX 5.3 gives me # /usr/local/bin/kinit -k -t foobar.keytab foobar/foo.example.net@EXAMPLE.NET kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials From a working Linux krb5 1.4.2 installation I copied /etc/krb5.conf and foobar.keytab to AIX 5.3. The following steps don't defer to the steps I did under Linux. # ./configure --without-krb4 --enable-shared # make && make install Using gcc 3.3.2. I found a patch for krb5 1.4.1 for AIX 5.2 from Ken Raeburn, but as far as I see it is fixed in 1....

Re: AIX 5.3: kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials
Christopher, I had the exact same problem. I was given 2 patches for KRB 1.4.1 and it fixed the problem. I applied the patches to my 1.4.2 source and the problem is resolved there too. Here are the patches: DNSGLUE.C Patch: *** ./src/lib/krb5/os/dnsglue.c.orig Fri Jan 14 17:10:53 2005 --- ./src/lib/krb5/os/dnsglue.c Thu May 5 11:39:52 2005 *************** *** 62,68 **** --- 62,76 ---- char *host, int nclass, int ntype) { #if HAVE_RES_NSEARCH + #ifndef LANL struct __res_state statbuf; + #else /* LANL */ + #ifndef _AIX + struct __res_state statbuf;...

permitted_enctypes = "des-cbc-crc" triggers 'kinit: Generic error (see e-text) while getting initial credentials'
I have this in my Suse 11.3 /etc/krb.conf for libdefaults: allow_weak_crypto = true # permitted_enctypes = "des-cbc-crc arcfour-hmac des3-cbc-sha1 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96" permitted_enctypes = "des-cbc-crc" Now if I try to kinit I get this error: kinit kinit: Generic error (see e-text) while getting initial credentials Why? Wendy ...

Web resources about - kinit: Preauthentication failed while getting initial credentials - comp.protocols.kerberos

Windows Vista networking technologies - Wikipedia, the free encyclopedia
It includes native implementation of IPv6, as well as complete overhaul of IPv4. The new TCP/IP stack uses a new method to store configuration ...

Posey's Tips & Tricks for Windows Admins By Brien Posey Redmondmag.com
Tips and Tricks for Windows Admins by Brien Posey, with how-to advice for everything from Microsoft Windows Server to Exchange to Windows 7 to ...

What's new in Windows Server 2016 Technical Preview 3
Windows Server 2016 Technical Preview 3 leaked onto the web last week - but while Microsoft hasn't yet made it officially available, the company ...

Kerberos FAQ, v2.0 (last modified 8/18/2000)
Kerberos FAQ, v2.0 (last modified 8/18/2000)

The openwrt-devel September 2013 Archive by author
September 2013 Archives by author Messages sorted by: [ thread ] [ subject ] [ date ] More info on this list... Starting: Sun Sep 1 02:53:58 ...

Windows Vista networking technologies - Wikipedia, the free encyclopedia
The stack includes native implementation of IPv6 , as well as a complete overhaul of IPv4. The new TCP/IP stack uses a new method to store configuration ...

Random Access
Scott Lowe's Random Access storage-related column exclusively for Redmond magazine and Redmondmag.com

Email to Author
Please use this form to email the author of this article.

Email to Author
Please use this form to email the author of this article.

Redmondmag.com
Redmond magazine is The Independent Voice of the Microsoft IT Community. It is relied upon by Windows Server, SQL Server, Security, and Exchange ...

Resources last updated: 2/10/2016 12:53:34 PM