[SOLVED] kerberos error - Preauthentication failed

Question about WAPT Server / Requêtes et aides autour du serveur Wapt
Règles du forum
* Questions can be asked in English or in French. If the thread is started in English, stick to English, if it is started in French, stick to French.
* Vous pouvez poser vos questions en Français ou en Anglais. Si un sujet est commencé en français, merci de répondre en français. Si un sujet est commencé en anglais, merci de répondre en anglais.
Avatar de l’utilisateur
empbilly
Messages : 67
Inscription : 15 janv. 2018 - 20:59

08 nov. 2018 - 16:27

hello,

I re-configured auth from my clients via kerberos. Some machines are not being recognized and the server log shows the following:

Code : Tout sélectionner

Nov  8 11:33:26 wapt winbindd[6145]: [2018/11/08 11:33:26.387247,  0] ../source3/libsmb/cliconnect.c:1895(cli_session_setup_spnego_send)
Nov  8 11:33:26 wapt winbindd[6145]:   Kinit for WAPT$@... to access cifs/dc4....@... failed: Preauthentication failed
Configs:

Installed version of WAPT: 1.6.2.7
Server OS: Linux
OS of the administration machine/creation of packages: Windows 7

Do I need to re-register (wapt-get register) the machine? Can I do this remotely to all the machines in my park?
Dernière modification par empbilly le 18 déc. 2018 - 18:14, modifié 2 fois.
Avatar de l’utilisateur
empbilly
Messages : 67
Inscription : 15 janv. 2018 - 20:59

12 nov. 2018 - 19:42

Any ideas or help are welcome!! :D
Avatar de l’utilisateur
empbilly
Messages : 67
Inscription : 15 janv. 2018 - 20:59

27 nov. 2018 - 11:30

Wapt staff never got a error/issue like that?
Avatar de l’utilisateur
empbilly
Messages : 67
Inscription : 15 janv. 2018 - 20:59

30 nov. 2018 - 14:49

Hello,

I discovered some new informations!!!!

I made the configuration following the tutorial: https://www.wapt.fr/fr/doc/Installation ... ebian.html

Before executing the commands below the server was part of the domain, but after executing the commands,

Code : Tout sélectionner

sudo msktutil --server DOMAIN_CONTROLER --precreate --host $(hostname) -b cn=computers --service HTTP --description "host account for wapt server" --enctypes 24 -N
sudo msktutil --server DOMAIN_CONTROLER --auto-update --keytab /etc/nginx/http-krb5.keytab --host $(hostname) -N
it appears that the wapt server is removed from the domain.
root@wapt:/etc/samba# net ads testjoin
kerberos_kinit_password WAPT$@... failed: Preauthentication failed
ads_connect: No logon servers are currently available to service the logon request.
Join to domain is not valid: No logon servers are currently available to service the logon request.
but the host is successfully registered.
c:\>psexec.exe /accepteula -s wapt-get register

PsExec v2.2 - Execute processes remotely
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

Host correctly registered against server https://wapt....
Is this normal after configuring authentication via kerberos?
Avatar de l’utilisateur
sfonteneau
Expert WAPT
Messages : 784
Inscription : 10 juil. 2014 - 23:52
Contact :

17 déc. 2018 - 22:42

Samba is not used in wapt.

The tutorial asks you to create a keytab:

/etc/nginx/http-krb5.keytab

This is the one that will be used. No need to test with net ads testjoin
Avatar de l’utilisateur
empbilly
Messages : 67
Inscription : 15 janv. 2018 - 20:59

18 déc. 2018 - 18:14

Ok.

Thanks for your feedback!
Répondre