Authentication failed with a reason ... help - Kerberos


  1. Authentication failed with a reason ... help

    Hello,

    I've been trying for many days to debug a problem, without success.
    I simply have a DC running Windows 2003 Std R2 SP2 acting as KDC, and
    I have to authenticate from a Linux client.

    On the domain controller I've created a user (username blauthapp) and
    flagged "Use DES Encryption".

    Setup SPN:

    setspn -A blauthapp/app1 blauthapp

    Exported keytab

    ktpass -out blauthapp.keytab -princ blauthapp@INET.LOCAL -mapuser
    blauthapp@INET.LOCAL +rndPass -minPass 33 -ptype KRB5_NT_PRINCIPAL
    -crypto DES-CBC-MD5

    The keytab is created, zipped, and copied to the Linux client.
    Unzipped. Checked MD5 and CRC.

    Now run:
    [root@itsm-bl1 ~]# kinit -k -t /tmp/blauthapp.keytab
    blauthapp/app1@INET.LOCAL
    kinit(v5): Preauthentication failed while getting initial credentials


    /etc/krb5.conf looks like this:
    [root@itsm-bl1 ~]# cat /etc/krb5.conf
    [libdefaults]
    ticket_lifetime = 6000
    default_realm = INET.LOCAL
    default_tkt_enctypes = des-cbc-md5
    default_tgs_enctypes = dec-cbc-md5

    [realms]
    INET.LOCAL = {
    kdc = addc-mi02.INET.LOCAL:88
    }

    [domain_realm]
    ..inet.local = INET.LOCAL
    inet.local = INET.LOCAL

    Clocks are synchronized. Windows KDC reports:

    Event Type: Failure Audit
    Event Source: Security
    Event Category: Account Logon
    Event ID: 675
    Date: 21/12/2007
    Time: 11.50.45
    User: NT AUTHORITY\SYSTEM
    Computer: ADDC-MI02
    Description:
    Pre-authentication failed:
    User Name: blauthapp
    User ID: INET\blauthapp
    Service Name: krbtgt/INET.LOCAL
    Pre-Authentication Type: 0x2
    Failure Code: 0x18
    Client Address: CLIENTIPADDR

    It all seems to be related to a password... but which password?
    ktpass.exe is version: 5.2.3790.1830

    ktutil told me:

    ktutil: rkt /tmp/blauthapp.keytab
    ktutil: l
    slot KVNO Principal
    ---- ---- ---------------------------------------------------------------------
    1 2 blauthapp/app1@INET.LOCAL



    Any hints?
    Thanks
    Stefano

  2. Re: Authentication failed with a reason ... help

    Ste wrote:
    > ktpass -out blauthapp.keytab -princ blauthapp@INET.LOCAL -mapuser
    > blauthapp@INET.LOCAL +rndPass -minPass 33 -ptype KRB5_NT_PRINCIPAL
    > -crypto DES-CBC-MD5


    Errata: typo...
    ktpass -out blauthapp.keytab -princ blauthapp/app1@INET.LOCAL -mapuser
    blauthapp@INET.LOCAL +rndPass -minPass 33 -ptype KRB5_NT_PRINCIPAL
    -crypto DES-CBC-MD5

    I do use /app1 in -princ; I simply forgot to write it in my post.

    > Thanks
    > Stefano
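
The ktutil listing in the thread shows only slot, KVNO and principal. As an added example (not part of the original posts), this Python sketch reads an MIT keytab file (format version 0x0502) and also reports each entry's encryption type, so all three values can be compared with the principal passed to kinit and with default_tkt_enctypes in krb5.conf. The function names are hypothetical, and the sample keytab is constructed with a dummy all-zero key.

```python
import struct
# Kerberos enctype numbers (subset); 3 is the DES-CBC-MD5 requested from ktpass.
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "arcfour-hmac"}

def _counted(buf, p):  # 16-bit length-prefixed string -> (text, next offset)
    (n,) = struct.unpack_from(">H", buf, p)
    if p + 2 + n > len(buf):
        raise ValueError("truncated keytab")
    return buf[p + 2:p + 2 + n].decode(), p + 2 + n

def parse_keytab(buf):
    """Return [(principal, kvno, enctype name)] from a version 0x0502 keytab."""
    if buf[:2] != b"\x05\x02":
        raise ValueError("unsupported keytab version")
    out, pos = [], 2
    while pos + 4 <= len(buf):
        (size,) = struct.unpack_from(">i", buf, pos)
        pos += 4
        if size <= 0:                       # negative size: deleted entry (hole)
            pos += -size
            continue
        end = pos + size
        if end > len(buf):
            raise ValueError("truncated keytab")
        (ncomp,) = struct.unpack_from(">H", buf, pos)
        names, p = [], pos + 2
        for _ in range(ncomp + 1):          # realm first, then name components
            s, p = _counted(buf, p)
            names.append(s)
        _ntype, _ts, kvno, etype, klen = struct.unpack_from(">IIBHH", buf, p)
        p += 13 + klen                      # skip the key bytes, never print them
        if end - p >= 4:                    # optional 32-bit kvno overrides 8-bit
            kvno = struct.unpack_from(">I", buf, p)[0] or kvno
        out.append(("/".join(names[1:]) + "@" + names[0], kvno,
                    ENCTYPES.get(etype, "etype-%d" % etype)))
        pos = end
    return out

def sample_keytab():
    """Constructed keytab: one entry, name type 1, kvno 2, dummy zero key."""
    body = struct.pack(">H", 2)
    for s in (b"INET.LOCAL", b"blauthapp", b"app1"):
        body += struct.pack(">H", len(s)) + s
    body += struct.pack(">IIBHH", 1, 0, 2, 3, 8) + bytes(8)
    return b"\x05\x02" + struct.pack(">i", len(body)) + body

if __name__ == "__main__":
    print(parse_keytab(sample_keytab()))
```

To inspect a real file, pass its bytes instead: parse_keytab(open(path, "rb").read()).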

