Re: User login issue

2024-02-07 Thread Mike Gabriel 

HI Roman,

On  Mi 07 Feb 2024 12:51:11 CET, roman.meier wrote:


Hi folks,

Yesterday, I came across the following entry in /var/log/auth.log:

Feb  6 11:03:38 tjener su: pam_krb5(su:auth): (user roman)  
credential verification failed: Cannot find key for  
host/tjener.intern@INTERN kvno 16 in keytab


I also had a closer look at the following script:
/usr/share/debian-edu-config/tools/copy-host-keytab

This then lead me to the solution of my authentication problem.

My file /etc/krb5.keytab was missing many entries preventing  
successful user logins. Executing the script fixed this finally.


Kind regards,
Roman


If you run an old version of TJENER, you might be facing this bug:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002014

Please adjust your gosa-modify-host script in  
/usr/share/debian-edu-config/tools/ as shown here:

https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/57d70cb10a902a004ed39da902b6808c36ce1851

Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgpBgnFXoTGU7.pgp
Description: Digitale PGP-Signatur

Re: User login issue

2024-02-07 Thread roman . meier 
Hi folks,

Yesterday, I came across the following entry in /var/log/auth.log:

Feb  6 11:03:38 tjener su: pam_krb5(su:auth): (user roman) credential 
verification failed: Cannot find key for host/tjener.intern@INTERN kvno 16 in 
keytab

I also had a closer look at the following script:
/usr/share/debian-edu-config/tools/copy-host-keytab

This then lead me to the solution of my authentication problem.

My file /etc/krb5.keytab was missing many entries preventing successful user 
logins. Executing the script fixed this finally.

Kind regards,
Roman

> On 01/07/2024 11:07 AM GMT roman.me...@gismap.ch wrote:
> 
>  
> Hi folks,
> 
> Maybe the following is helping to narrow things down?
> 
> I checked on /var/log/auth.log today and I'm getting the following upon 
> trying to login as user mm in the console:
> 
> Jan  7 11:04:34 tjener krb5kdc[2232]: AS_REQ (8 etypes {18 17 20 19 16 23 25 
> 26}) 10.0.2.2: NEEDED_PREAUTH: mm@INTERN for krbtgt/INTERN@INTERN, Additional 
> pre-authentication required
> Jan  7 11:04:34 tjener krb5kdc[2232]: preauth (encrypted_timestamp) verify 
> failure: Preauthentication failed
> Jan  7 11:04:34 tjener krb5kdc[2232]: AS_REQ (8 etypes {18 17 20 19 16 23 25 
> 26}) 10.0.2.2: PREAUTH_FAILED: mm@INTERN for krbtgt/INTERN@INTERN, 
> Preauthentication failed
> Jan  7 11:04:34 tjener krb5kdc[2232]: AS_REQ (8 etypes {18 17 20 19 16 23 25 
> 26}) 10.0.2.2: NEEDED_PREAUTH: mm@INTERN for krbtgt/INTERN@INTERN, Additional 
> pre-authentication required
> Jan  7 11:04:34 tjener krb5kdc[2232]: preauth (encrypted_timestamp) verify 
> failure: Preauthentication failed
> Jan  7 11:04:34 tjener krb5kdc[2232]: AS_REQ (8 etypes {18 17 20 19 16 23 25 
> 26}) 10.0.2.2: PREAUTH_FAILED: mm@INTERN for krbtgt/INTERN@INTERN, 
> Preauthentication failed
> Jan  7 11:04:34 tjener login[17928]: pam_krb5(login:auth): authentication 
> failure; logname=mm uid=0 euid=0 tty=/dev/tty1 ruser= rhost=
> Jan  7 11:04:34 tjener login[17928]: pam_unix(login:auth): authentication 
> failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost=  user=mm
> Jan  7 11:04:38 tjener login[17928]: FAILED LOGIN (1) on '/dev/tty1' FOR 
> 'mm', Authentication failure
> 
> Kind regards,
> Roman