Jean-Yves, did you tried the advice from Sam Hartman in comment #12 ?
Is is still an issue with Ubuntu 10.10 - Maverick ?
Was it an issue in Ubuntu 9.10 ?
** Also affects: krb5 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Tags added: regression-release
** Tags removed: regression-potential
** Changed in: krb5 (Ubuntu Lucid)
Status: New => Confirmed
** Changed in: krb5 (Ubuntu Lucid)
Importance: Undecided => Medium
** Description changed:
Environment:
The installed distributions use kerberos and likewise to identify the user to
an Active Directory Server.
The client configuration on 9.04 is basic and efficient. I use the same
configuration file (krb5.conf) on 10.04.
Kerberos and likewise come from ubuntu repository for each distribution (9.04
and 10.04).
Description:
Using 9.04 to auth with kerberos/likewise works fine: tickets ok, everything
is done login in one time only.
Using 10.04 to auth the same way leads to an error and forbids the access:
user login ok but the access to other ressources is forbidden, most often
returning: KRB Error: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN.
The likewise-open5 versions used are the same on both distributions.
I tested with same versions of kerberos on both distributions and i got the
same results.
- I thought the "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN" was related to a dns problem
but when i solved this the following appears:
- the client sends a TGS_REQ, containing the "Encryption type: rc4-hmac
(23)", to the server.
- the server answers "KRB5KDC_ERR_ETYPE_NOSUPP (14)"
- 10.04 sends a section "Authenticator rc4-hmac (23)" in PA-TGS-REQ , 9.04
doesn't.
+ I thought the "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN" was related to a dns problem
but when i solved this the following appears:
+ the client sends a TGS_REQ, containing the "Encryption type: rc4-hmac
(23)", to the server.
+ the server answers "KRB5KDC_ERR_ETYPE_NOSUPP (14)"
+ 10.04 sends a section "Authenticator rc4-hmac (23)" in PA-TGS-REQ , 9.04
doesn't.
There's no such error using ubuntu-9.04.
I grab theses informations sniffing the local network with wireshark.
Is there anybody experiencing the same problems ?
How can i fix this ?
thanx
+
+ == Regression details ==
+ Discovered in version: lucid 10.04 : krb5-user 1.8.1+dfsg-2 with likewise
5.3.0-1
+ Last known good version: jaunty - krb5-user 1.6.dfsg.4~beta1-5ubuntu2.2 with
likewise-open5 5.0.3991.1-0ubuntu2
--
krb5 and ADS error using 10.04, not 9.04
https://bugs.launchpad.net/bugs/567188
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
