Hi. On 22.07.2013 16:28, Eugene M. Zheganin wrote: > When I'm trying to join a machine to a domain via ADS I get > "kerberos_kinit_password d...@norma.com failed: Looping detected inside > krb5_get_in_tkt". In the same time plain "kinit d...@norma.com" from a > console gives me a ticket without errors. Is this a bug (so I should > report it) or can this still be some misconfiguration on my side ? I'm > doing this on testparm-approved config file from 3.5.x. > > P.S. FreeBSD 10.0-CURRENT. > After not having luck with ntlm_auth in samba4, I decided to return and to investigate this problem. In wireshark I see that this looping is actually a sequence of exchanges AS-REQ -> KRB5KDC_ERR_PREAUTH_REQUIRED. After two tries I got this (looping detected ...) error from kinit.
What is the reason of samba kinit not preauthenticating (while FreeBSD's kinit does, because it works) ? Plus, after each joining retry I got in 'Active directory users in computers' a new machine account from this samba instance (does this mean it has actually joined ?). below is the link to a -d 10 output from the net ads join: http://tech.hq.norma.perm.ru/files/join.log Thanks. Eugene. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba