<div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif">Hello,</div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif"><span style="color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">I re-configured auth from my clients via kerberos. Some machines are not being recognized and the server log shows the following:</span><br style="box-sizing:border-box;color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px"><div class="gmail-codebox" style="box-sizing:border-box;color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px"><p style="box-sizing:border-box;margin:0px 0px 10px">Code: <a href="https://forum.tranquil.it/viewtopic.php?f=13&t=1533#" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none">Select all</a></p><pre style="box-sizing:border-box;overflow:auto;font-family:Menlo,Monaco,Consolas,"Courier New",monospace;font-size:13px;padding:0px;margin-top:0px;margin-bottom:10px;line-height:1.42857;word-break:break-all;background:none;border:1px solid rgb(204,204,204);border-radius:4px"><code class="gmail-hljs gmail-bash" style="box-sizing:border-box;font-family:Menlo,Monaco,Consolas,"Courier New",monospace;font-size:inherit;padding:0.5em;color:rgb(68,68,68);background:rgb(240,240,240);border-radius:0px;white-space:pre-wrap;display:block;overflow-x:auto">Nov  8 11:33:26 wapt winbindd[6145]: [2018/11/08 11:33:26.387247,  0] ../<span class="gmail-hljs-built_in" style="box-sizing:border-box;color:rgb(57,115,0)">source</span>3/libsmb/cliconnect.c:1895(cli_session_setup_spnego_send)
Nov  8 11:33:26 wapt winbindd[6145]:   Kinit <span class="gmail-hljs-keyword" style="box-sizing:border-box;font-weight:bold">for</span> WAPT<span class="gmail-hljs-variable" style="box-sizing:border-box;color:rgb(188,96,96)">$@</span>... to access cifs/dc4....@... failed: Preauthentication failed</code></pre></div><span style="color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">Configs:</span><br style="box-sizing:border-box;color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px"><br style="box-sizing:border-box;color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px"><span style="box-sizing:border-box;font-weight:700;color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">Installed version of WAPT</span><span style="color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">: 1.6.2.7</span><br style="box-sizing:border-box;color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px"><span style="box-sizing:border-box;font-weight:700;color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">Server OS</span><span style="color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">: Linux Debian 9.6</span><br style="box-sizing:border-box;color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px"><span style="box-sizing:border-box;font-weight:700;color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">OS of the administration machine/creation of packages</span><span style="color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">: Windows 7</span><br style="box-sizing:border-box;color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px"></div><div class="gmail_default" style="font-family:tahoma,sans-serif"><span style="color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px"><br></span></div><div class="gmail_default" style="font-family:tahoma,sans-serif"><span style="color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">I made the configuration following the tutorial: </span><a href="https://www.wapt.fr/fr/doc/Installation/debian/install_kerberos_debian.html" class="gmail-postlink" style="box-sizing:border-box;color:rgb(51,122,183);text-decoration-line:none;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">https://www.wapt.fr/fr/doc/Installation ... ebian.html</a><br style="box-sizing:border-box;color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px"><br style="box-sizing:border-box;color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px"><span style="color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">Before executing the commands below the server was part of the domain, but after executing the commands,</span><br style="box-sizing:border-box;color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px"><div class="gmail-codebox" style="box-sizing:border-box;color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px"><p style="box-sizing:border-box;margin:0px 0px 10px">Code: <a href="https://forum.tranquil.it/viewtopic.php?f=13&t=1533#" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none">Select all</a></p><pre style="box-sizing:border-box;overflow:auto;font-family:Menlo,Monaco,Consolas,"Courier New",monospace;font-size:13px;padding:0px;margin-top:0px;margin-bottom:10px;line-height:1.42857;word-break:break-all;background:none;border:1px solid rgb(204,204,204);border-radius:4px"><code class="gmail-hljs gmail-javascript" style="box-sizing:border-box;font-family:Menlo,Monaco,Consolas,"Courier New",monospace;font-size:inherit;padding:0.5em;color:rgb(68,68,68);background:rgb(240,240,240);border-radius:0px;white-space:pre-wrap;display:block;overflow-x:auto">sudo msktutil --server DOMAIN_CONTROLER --precreate --host $(hostname) -b cn=computers --service HTTP --description <span class="gmail-hljs-string" style="box-sizing:border-box;color:rgb(136,0,0)">"host account for wapt server"</span> --enctypes <span class="gmail-hljs-number" style="box-sizing:border-box;color:rgb(136,0,0)">24</span> -N
sudo msktutil --server DOMAIN_CONTROLER --auto-update --keytab /etc/nginx/http-krb5.keytab --host $(hostname) -N</code></pre></div><span style="color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">it appears that the wapt server is removed from the domain.</span><br style="box-sizing:border-box;color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px"><blockquote class="gmail-uncited" style="box-sizing:border-box;font-size:14px;padding:10px 20px;margin:0px 0px 20px;border-left:3px solid rgb(51,122,183);color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;background-color:rgb(245,245,245)"><div style="box-sizing:border-box">root@wapt:/etc/samba# net ads testjoin<br style="box-sizing:border-box">kerberos_kinit_password WAPT$@... failed: Preauthentication failed<br style="box-sizing:border-box">ads_connect: No logon servers are currently available to service the logon request.<br style="box-sizing:border-box">Join to domain is not valid: No logon servers are currently available to service the logon request.</div></blockquote><span style="color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">but the host is successfully registered.</span><br style="box-sizing:border-box;color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px"><blockquote class="gmail-uncited" style="box-sizing:border-box;font-size:14px;padding:10px 20px;margin:0px 0px 20px;border-left:3px solid rgb(51,122,183);color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;background-color:rgb(245,245,245)"><div style="box-sizing:border-box">c:\>psexec.exe /accepteula -s wapt-get register<br style="box-sizing:border-box"><br style="box-sizing:border-box">PsExec v2.2 - Execute processes remotely<br style="box-sizing:border-box">Copyright (C) 2001-2016 Mark Russinovich<br style="box-sizing:border-box">Sysinternals - <a href="http://www.sysinternals.com/" class="gmail-postlink" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none">www.sysinternals.com</a><br style="box-sizing:border-box"><br style="box-sizing:border-box">Host correctly registered against server <a href="https://wapt/" class="gmail-postlink" style="box-sizing:border-box;background-color:transparent;color:rgb(51,122,183);text-decoration-line:none">https://wapt</a>....</div></blockquote><span style="color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px">Is this normal after configuring authentication via kerberos?</span><span style="color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px"><br></span></div><div><br></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">Elias Pereira</div></div>