Hi,
> What happens if you call > > kinit [email protected] It asks for password and current password is working for getting kerberos ticket and not asking me to reset the password. > > > on the Linux command line. Are you asekd you for new password here? If > not Samba might not return the right error code to indicate that the > password is expired. I posted this query in samba mailing list also but they told me that if Windows 7 client is working fine then Samba is working fine. > In this case it would be nice if you can send the > output of > > KRB5_TRACE=/dev/stdout kinit [email protected] > > Here is the output of the above command, # KRB5_TRACE=/dev/stdout kinit test [2507] 1420693228.971649: Getting initial credentials for [email protected] [2507] 1420693228.974468: Sending request (210 bytes) to INTRA.EXAMPLE.COM [2507] 1420693228.976230: Sending initial UDP request to dgram 172.16.0.170:8880 [2507] 1420693228.981059: Received answer from dgram 172.16.0.170:8880 [2507] 1420693228.981167: Response was not from master KDC [2507] 1420693228.981252: Received error from KDC: -1765328359/Additional pre-authentication required [2507] 1420693228.981413: Processing preauth types: 16, 15, 2, 138, 136, 11, 19 [2507] 1420693228.981477: Selected etype info: etype rc4-hmac, salt "INTRA.EXAMPLE.COMtest", params "" [2507] 1420693228.981532: Selected etype info: etype rc4-hmac, salt "INTRA.EXAMPLE.COMtest", params "" Password for [email protected]: [2507] 1420693231.111979: AS key obtained for encrypted timestamp: rc4-hmac/3CC1 [2507] 1420693231.112235: Encrypted timestamp (for 1420693231.112064): plain 301AA011180F32303135303130383035303033315AA105020301B5C0, encrypted F92A0E3BEF336E51C24C4CB9E8EB1ACE49ECA2BE32C9ABD207062898FD593268EEA31CF0185BE2B2B05F3A4A47328E9B1149AFA0 [2507] 1420693231.112272: Preauth module encrypted_timestamp (2) (flags=1) returned: 0/Success [2507] 1420693231.112292: Produced preauth for next request: 2 [2507] 1420693231.112341: Sending request (286 bytes) to INTRA.EXAMPLE.COM [2507] 1420693231.112611: Sending initial UDP request to dgram 172.16.0.170:8880 [2507] 1420693231.116296: Received answer from dgram 172.16.0.170:8880 [2507] 1420693231.116448: Response was not from master KDC [2507] 1420693231.116573: Processing preauth types: 3 [2507] 1420693231.116586: Received salt "��" via padata type 3 [2507] 1420693231.116597: Produced preauth for next request: (empty) [2507] 1420693231.116616: AS key determined by preauth: rc4-hmac/3CC1 [2507] 1420693231.116694: Decrypted AS reply; session key is: rc4-hmac/4D55 [2507] 1420693231.116724: FAST negotiation: available [2507] 1420693231.116729: Initializing FILE:/tmp/krb5cc_0 with default princ [email protected] [2507] 1420693231.117523: Removing [email protected] -> krbtgt/ [email protected] from FILE:/tmp/krb5cc_0 [2507] 1420693231.117542: Storing [email protected] -> krbtgt/ [email protected] in FILE:/tmp/krb5cc_0 [2507] 1420693231.117710: Storing config in FILE:/tmp/krb5cc_0 for krbtgt/ [email protected]: fast_avail: yes [2507] 1420693231.117903: Removing [email protected] -> krb5_ccache_conf_data/fast_avail/krbtgt\/INTRA.EXAMPLE.COM \@INTRA.EXAMPLE.COM@X-CACHECONF: from FILE:/tmp/krb5cc_0 [2507] 1420693231.117920: Storing [email protected] -> krb5_ccache_conf_data/fast_avail/krbtgt\/INTRA.EXAMPLE.COM \@INTRA.EXAMPLE.COM@X-CACHECONF: in FILE:/tmp/krb5cc_0 --Regards Ashishkumar S. Yadav
_______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
