It looks like you sent an email with only text/html, which the mailing list software strips out. You might want to make sure that you configure your email to send text/plain as well.
I'm quoting your previous message below so others can see it: <l...@avc.su> writes: > Hmmm. Not sure what happened. Here's the original text: > > Hello, list! > > I've stumbled upon a strange problem with acquiring ticket on CentOS 7 and > Fedora 23 machines from Read-Only Domain Controller on Microsoft Windows 2012 > R2. > I can get TGT from RODC, but can't get any TGS. Switching to nearest RW DC > fixes this problem, but that's just a workaround. Moreover, we're getting this > error not with all RODCs in the forest, but we are using single policy for RW > and RO domain controllers. Here's the trace of getting TGS: > > [root@centos7] # KRB5_TRACE=/dev/stdout kvno ldap/dc.contoso....@contoso.com > Getting credentials u...@contoso.com -> ldap/dc.contoso....@contoso.com using > ccache FILE:/tmp/krb5cc_0 > Retrieving u...@contoso.com -> ldap/dc.contoso....@contoso.com from FILE:/tmp/ > krb5cc_0 with result: -1765328243/Matching credential not found > Retrieving u...@contoso.com -> krbtgt/contoso....@contoso.com from FILE:/tmp/ > krb5cc_0 with result: 0/Success > Starting with TGT for client realm: u...@contoso.com -> krbtgt/ > contoso....@contoso.com > Requesting tickets for ldap/dc.contoso....@contoso.com, referrals on > Generated subkey for TGS request: aes256-cts/BECF > etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, > rc4-hmac, camellia128-cts, camellia256-cts > Encoding request body and padata into FAST request > Sending request (2185 bytes) to CONTOSO.COM > Resolving hostname dc.contoso.com > Initiating TCP connection to stream 192.168.0.100:88 > Sending TCP request to stream 192.168.0.100:88 > Resolving hostname dc.contoso.com > Sending initial UDP request to dgram 192.168.0.100:750 > Sending initial UDP request to dgram 192.168.0.100:88 > Sending retry UDP request to dgram 192.168.0.100:88 > Sending retry UDP request to dgram 192.168.0.100:88 > Terminating TCP connection to stream 192.168.0.100:88 > kvno: A service is not available that is required to process the request while > getting credentials for ldap/dc.contoso....@contoso.com > > At the first sight, it looks like a network problem. However, tcpdump + > wireshark revealed that the packets are being sent and received with no > errors, > and dc.contoso.com replies with 'KRB Error: KRB5KDC_ERR_SVC_UNAVAILABLE'. So > it > looks like a problem on the DC itself. However, there are no failures logged. > I can get TGT and TGS witn no errors when I'm using CentOS 6. Digging with > Wireshark revealed that TGS request on CentOS6 does not have FAST request in > TGS_REQ packet. Is preauth on this system going with encrypted timestamp? > I think it somehow related to Kerberos FAST protocol and its implementation on > Windows Server side. > How can I disable FAST on Kerberos to test this? > What else could I check in this situation? > > Thanks :) > > > 21.06.2016, 21:51, "l...@avc.su" <l...@avc.su>: > > > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
