I have no idea how to fix it...
I tried setting the log level to 3 and this happens:
As you can see, the authentication is successful, so I tried the following commands:
[2022/10/04 12:11:58.018256, 3] ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: AS-REQ admuser@example.net from ipv4:172.27.2.58:50124 for krbtgt/example.net@example.net
[2022/10/04 12:11:58.039839, 3] ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Client sent patypes: 128
[2022/10/04 12:11:58.040080, 3] ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for PKINIT pa-data -- admuser@example.net
[2022/10/04 12:11:58.040191, 3] ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for ENC-TS pa-data -- admuser@example.net
[2022/10/04 12:11:58.040341, 3] ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- admuser@example.net
[2022/10/04 12:11:58.043598, 3] ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
stream_terminate_connection: Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2022/10/04 12:11:58.054880, 3] ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: AS-REQ admuser@example.net from ipv4:172.27.2.58:50125 for krbtgt/example.net@example.net
[2022/10/04 12:11:58.076255, 3] ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Client sent patypes: encrypted-timestamp, 128
[2022/10/04 12:11:58.076483, 3] ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for PKINIT pa-data -- admuser@example.net
[2022/10/04 12:11:58.076587, 3] ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for ENC-TS pa-data -- admuser@example.net
[2022/10/04 12:11:58.077527, 3] ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: ENC-TS Pre-authentication succeeded -- admuser@example.net using aes256-cts-hmac-sha1-96
[2022/10/04 12:11:58.077840, 3] ../../auth/auth_log.c:635(log_authentication_event_human_readable)
Auth: [Kerberos KDC,ENC-TS Pre-authentication] user [(null)]\[admuser@example.net] at [Tue, 04 Oct 2022 12:11:58.077747 CEST] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_OK] workstation [(null)] remote host [ipv4:172.27.2.58:50125] became [EXAMPLE]\[admuser] [S-1-5-21-578677625-3635414378-1858279571-1104]. local host [NULL]
{"timestamp": "2022-10-04T12:11:58.086113+0200", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4624, "logonId": "c61be2b0d84a3e12", "logonType": 3, "status": "NT_STATUS_OK", "localAddress": null, "remoteAddress": "ipv4:172.27.2.58:50125", "serviceDescription": "Kerberos KDC", "authDescription": "ENC-TS Pre-authentication", "clientDomain": null, "clientAccount": "admuser@example.net", "workstation": null, "becameAccount": "admuser", "becameDomain": "EXAMPLE", "becameSid": "S-1-5-21-578677625-3635414378-1858279571-1104", "mappedAccount": "admuser", "mappedDomain": "EXAMPLE", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "aes256-cts-hmac-sha1-96", "duration": 31663}}
[2022/10/04 12:11:58.160727, 3] ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: AS-REQ authtime: 2022-10-04T12:11:58 starttime: unset endtime: 2022-10-04T22:11:58 renew till: 2022-10-11T12:11:58
[2022/10/04 12:11:58.161033, 3] ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
[2022/10/04 12:11:58.161206, 3] ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Requested flags: renewable-ok, canonicalize, renewable, forwardable
[2022/10/04 12:11:58.165799, 3] ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
stream_terminate_connection: Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2022/10/04 12:11:58.178036, 3] ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Failed to verify authenticator checksum: Decrypt integrity check failed for checksum type rsa-md5, key type aes256-cts-hmac-sha1-96
[2022/10/04 12:11:58.178282, 3] ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Failed parsing TGS-REQ from ipv4:172.27.2.58:50126
This originally worked but now I get "Host not found"... what could have changed?
root@SMBDC1:~# host -t SRV _ldap._tcp.example.net
_ldap._tcp.example.net has SRV record 0 100 389 smbdc1.example.net.
root@SMBDC1:~# host -t SRV _kerebros._udp.example.net
Host _kerebros._udp.example.net not found: 3(NXDOMAIN)
root@SMBDC1:~# host -t A focal.exapmle.net
Host focal.example.net not found: 3(NXDOMAIN)
This is my setup:
router: 172.27.0.1
smbdc: 172.27.1.1
dns: 172.27.1.2
dhcp range: 172.27.2.2 - 172.27.2.254
I route communication between the xxx.xxx.0.xxx, xxx.xxx.1.xxx and xxx.xxx.2.xxx IP ranges and set the network mask to be 255.255.0.0
Again, it used to work perfectly, so I have no idea what's making it not work...
Perhaps you think I should ask as well in some other forum that I'm not aware of?
ANY help is appreciated!
Thank you in advance
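
One way to triage a level-3 Samba KDC log like the one above, added here as an example and not part of the original post: it reduces the log to a timeline of Kerberos events and reports whether a TGS-REQ failure follows a successful AS pre-authentication. The event labels and function names are this example's own, and the sample is an excerpt of the log in the post.

```python
import re

# Excerpt of the log from the post (each header line is followed by its message line).
SAMPLE = """\
[2022/10/04 12:11:58.040341, 3] ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- admuser@example.net
[2022/10/04 12:11:58.043598, 3] ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
stream_terminate_connection: Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2022/10/04 12:11:58.077527, 3] ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: ENC-TS Pre-authentication succeeded -- admuser@example.net using aes256-cts-hmac-sha1-96
[2022/10/04 12:11:58.178036, 3] ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Failed to verify authenticator checksum: Decrypt integrity check failed for checksum type rsa-md5, key type aes256-cts-hmac-sha1-96
[2022/10/04 12:11:58.178282, 3] ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Failed parsing TGS-REQ from ipv4:172.27.2.58:50126
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s+\d+\]")
# Labels are this example's naming, keyed on message text that appears in the log.
RULES = [
    ("AS_PREAUTH_REQUIRED", re.compile(r"returning PREAUTH-REQUIRED -- (?P<who>\S+)")),
    ("AS_PREAUTH_OK", re.compile(r"Pre-authentication succeeded -- (?P<who>\S+)")),
    ("TGS_CHECKSUM_FAIL", re.compile(r"Failed to verify authenticator checksum")),
    ("TGS_PARSE_FAIL", re.compile(r"Failed parsing TGS-REQ from (?P<who>\S+)")),
]

def kdc_timeline(text):
    """Return [(timestamp, label, subject)] for Kerberos messages, in log order."""
    events, stamp = [], None
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            stamp = m.group(1)  # the message line inherits this header's time
            continue
        if stamp is None or not line.startswith("Kerberos:"):
            continue  # skip non-KDC messages such as the stream teardown
        for label, rx in RULES:
            hit = rx.search(line)
            if hit:
                events.append((stamp, label, hit.groupdict().get("who")))
                break
    return events

def failed_after_preauth(events):
    """True when a TGS-REQ failure is logged after a successful AS pre-authentication."""
    labels = [label for _, label, _ in events]
    if "AS_PREAUTH_OK" not in labels:
        return False
    return any(l.startswith("TGS_") for l in labels[labels.index("AS_PREAUTH_OK") + 1:])
```
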


