Hi.
On 22.07.2013 16:28, Eugene M. Zheganin wrote:
When I'm trying to join a machine to a domain via ADS I get
kerberos_kinit_password d...@norma.com failed: Looping detected inside
krb5_get_in_tkt. In the same time plain kinit d...@norma.com from a
console gives me a ticket without errors. Is this a bug (so I should
report it) or can this still be some misconfiguration on my side ? I'm
doing this on testparm-approved config file from 3.5.x.
P.S. FreeBSD 10.0-CURRENT.
After not having luck with ntlm_auth in samba4, I decided to return and
to investigate this problem.
In wireshark I see that this looping is actually a sequence of
exchanges AS-REQ - KRB5KDC_ERR_PREAUTH_REQUIRED. After two tries I got
this (looping detected ...) error from kinit.
What is the reason of samba kinit not preauthenticating (while FreeBSD's
kinit does, because it works) ?
Plus, after each joining retry I got in 'Active directory users in
computers' a new machine account from this samba instance (does this
mean it has actually joined ?).
below is the link to a -d 10 output from the net ads join:
http://tech.hq.norma.perm.ru/files/join.log
Thanks.
Eugene.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba