pitaya search gggm.intnameserver 192.168.2.26 [libdefaults] default

1. pitaya
2.  
3. search gggm.int
4. nameserver 192.168.2.26
5.  
6. [libdefaults]
7. default_realm = GGGM.INT
8. dns_lookup_realm = false
9. dns_lookup_kdc = true
10.  
11. [domain_realm]
12. .gggm.int = GGGM.INT
13.  
14. [global]
15. netbios name = PITAYA
16. realm = GGGM.INT
17. workgroup = GGGM
18. server role = active directory domain controller
19. dns forwarder = 192.168.2.1
20. idmap_ldb:use rfc2307 = yes
21. log level = 2
22. server string = Pitaya
23. winbind enum users = yes
24. winbind enum groups = yes
25. template homedir = /home/%U
26. template shell = /bin/bash
27. username map = /etc/samba/user.map
28. kerberos method = secrets and keytab
29.  
30. tls enabled = yes
31. tls keyfile = /var/lib/samba/private/tls/sambaKey.pem
32. tls certfile = /var/lib/samba/private/tls/sambaCert.pem
33. tls cafile = /var/lib/samba/private/tls/crt.ca-chain.pem
34.  
35. <Share configuration skipped...>
36.  
37. [sssd]
38. services = nss, pam, sudo, ssh
39. config_file_version = 2
40. domains = GGGM.INT
41. full_name_format = %1$s
42.  
43. [domain/GGGM.INT]
44. ad_domain = gggm.int
45. id_provider = ad
46. auth_provider = ad
47. access_provider = ad
48. sudo_provider = ad
49. use_fully_qualified_names = false
50. ldap_id_mapping = false
51. ldap_referrals = false
52. override_homedir = /home/%u
53. enumerate = true
54. ldap_sudo_search_base = OU=sudoers,OU=gggm.int,DC=gggm,DC=int
55. ad_gpo_access_control = permissive
56. dyndns_update = false
57.  
58. Linux pitaya 4.14.79-v7+ #1159 SMP Sun Nov 4 17:50:20 GMT 2018 armv7l GNU/Linux
59.  
60. root@pitaya ~ # host pitaya
61. pitaya.gggm.int has address 192.168.2.26
62. root@pitaya ~ # host 192.168.2.26
63. 26.2.168.192.in-addr.arpa domain name pointer pitaya.gggm.int.
64. root@pitaya ~ # host -t SRV _ldap._tcp.gggm.int
65. _ldap._tcp.gggm.int has SRV record 0 100 389 pitaya.gggm.int.
66. root@pitaya ~ # host -t SRV _kerberos._tcp.gggm.int
67. _kerberos._tcp.gggm.int has SRV record 0 100 88 pitaya.gggm.int.
68. root@pitaya ~ #
69.  
70. root@pitaya ~ # kinit ghigad
71. Password for ghigad@GGGM.INT:
72. root@pitaya ~ # klist
73. Ticket cache: FILE:/tmp/krb5cc_0
74. Default principal: ghigad@GGGM.INT
75.  
76. Valid starting Expires Service principal
77. 03/01/19 12:38:35 03/01/19 22:38:35 krbtgt/GGGM.INT@GGGM.INT
78. renew until 04/01/19 12:38:32
79. root@pitaya ~ #
80.  
81. root@pitaya ~ # smbclient -k -L pitaya
82. Domain=[GGGM] OS=[Windows 6.1] Server=[Samba 4.5.12-Debian]
83.  
84. Sharename Type Comment
85. --------- ---- -------
86. netlogon Disk
87. sysvol Disk
88. IPC$ IPC IPC Service (Pitaya)
89. Domain=[GGGM] OS=[Windows 6.1] Server=[Samba 4.5.12-Debian]
90.  
91. Server Comment
92. --------- -------
93.  
94. Workgroup Master
95. --------- -------
96. root@pitaya ~ #
97.  
98. root@pitaya ~ # kdestroy
99. root@pitaya ~ # kinit -k PITAYA$
100. root@pitaya ~ # klist
101. Ticket cache: FILE:/tmp/krb5cc_0
102. Default principal: PITAYA$@GGGM.INT
103.  
104. Valid starting Expires Service principal
105. 03/01/19 12:43:17 03/01/19 22:43:17 krbtgt/GGGM.INT@GGGM.INT
106. renew until 04/01/19 12:43:17
107. root@pitaya ~ #
108.  
109. checking the NETLOGON for domain[GGGM] dc connection to "pitaya.gggm.int" succeeded
110.  
111. root@pitaya ~ # samba-tool dbcheck
112. Processing section "[netlogon]"
113. Processing section "[sysvol]"
114. pm_process() returned Yes
115. schema_fsmo_init: we are master[yes] updates allowed[no]
116. schema_fsmo_init: we are master[yes] updates allowed[no]
117. Checking 400 objects
118. Checked 400 objects (0 errors)
119.  
120. root@pitaya ~ # klist -kte
121. Keytab name: FILE:/etc/krb5.keytab
122. KVNO Timestamp Principal
123. ---- ----------------- --------------------------------------------------------
124. 3 31/12/18 12:16:18 host/pitaya.gggm.int@GGGM.INT (des-cbc-crc)
125. 3 31/12/18 12:16:18 host/PITAYA@GGGM.INT (des-cbc-crc)
126. 3 31/12/18 12:16:18 host/pitaya.gggm.int@GGGM.INT (des-cbc-md5)
127. 3 31/12/18 12:16:18 host/PITAYA@GGGM.INT (des-cbc-md5)
128. 3 31/12/18 12:16:18 host/pitaya.gggm.int@GGGM.INT (aes128-cts-hmac-sha1-96)
129. 3 31/12/18 12:16:18 host/PITAYA@GGGM.INT (aes128-cts-hmac-sha1-96)
130. 3 31/12/18 12:16:18 host/pitaya.gggm.int@GGGM.INT (aes256-cts-hmac-sha1-96)
131. 3 31/12/18 12:16:18 host/PITAYA@GGGM.INT (aes256-cts-hmac-sha1-96)
132. 3 31/12/18 12:16:18 host/pitaya.gggm.int@GGGM.INT (arcfour-hmac)
133. 3 31/12/18 12:16:18 host/PITAYA@GGGM.INT (arcfour-hmac)
134. 3 31/12/18 12:16:18 gc/pitaya.gggm.int@GGGM.INT (des-cbc-crc)
135. 3 31/12/18 12:16:18 gc/PITAYA@GGGM.INT (des-cbc-crc)
136. 3 31/12/18 12:16:18 gc/pitaya.gggm.int@GGGM.INT (des-cbc-md5)
137. 3 31/12/18 12:16:18 gc/PITAYA@GGGM.INT (des-cbc-md5)
138. 3 31/12/18 12:16:18 gc/pitaya.gggm.int@GGGM.INT (aes128-cts-hmac-sha1-96)
139. 3 31/12/18 12:16:18 gc/PITAYA@GGGM.INT (aes128-cts-hmac-sha1-96)
140. 3 31/12/18 12:16:18 gc/pitaya.gggm.int@GGGM.INT (aes256-cts-hmac-sha1-96)
141. 3 31/12/18 12:16:18 gc/PITAYA@GGGM.INT (aes256-cts-hmac-sha1-96)
142. 3 31/12/18 12:16:18 gc/pitaya.gggm.int@GGGM.INT (arcfour-hmac)
143. 3 31/12/18 12:16:18 gc/PITAYA@GGGM.INT (arcfour-hmac)
144. 3 31/12/18 12:16:18 e3514235-4b06-11d1-ab04-00c04fc2dcd2/pitaya.gggm.int@GGGM.INT (des-cbc-crc)
145. 3 31/12/18 12:16:18 e3514235-4b06-11d1-ab04-00c04fc2dcd2/PITAYA@GGGM.INT (des-cbc-crc)
146. 3 31/12/18 12:16:18 e3514235-4b06-11d1-ab04-00c04fc2dcd2/pitaya.gggm.int@GGGM.INT (des-cbc-md5)
147. 3 31/12/18 12:16:18 e3514235-4b06-11d1-ab04-00c04fc2dcd2/PITAYA@GGGM.INT (des-cbc-md5)
148. 3 31/12/18 12:16:18 e3514235-4b06-11d1-ab04-00c04fc2dcd2/pitaya.gggm.int@GGGM.INT (aes128-cts-hmac-sha1-96)
149. 3 31/12/18 12:16:18 e3514235-4b06-11d1-ab04-00c04fc2dcd2/PITAYA@GGGM.INT (aes128-cts-hmac-sha1-96)
150. 3 31/12/18 12:16:18 e3514235-4b06-11d1-ab04-00c04fc2dcd2/pitaya.gggm.int@GGGM.INT (aes256-cts-hmac-sha1-96)
151. 3 31/12/18 12:16:18 e3514235-4b06-11d1-ab04-00c04fc2dcd2/PITAYA@GGGM.INT (aes256-cts-hmac-sha1-96)
152. 3 31/12/18 12:16:18 e3514235-4b06-11d1-ab04-00c04fc2dcd2/pitaya.gggm.int@GGGM.INT (arcfour-hmac)
153. 3 31/12/18 12:16:18 e3514235-4b06-11d1-ab04-00c04fc2dcd2/PITAYA@GGGM.INT (arcfour-hmac)
154. 3 31/12/18 12:16:18 ldap/pitaya.gggm.int@GGGM.INT (des-cbc-crc)
155. 3 31/12/18 12:16:18 ldap/PITAYA@GGGM.INT (des-cbc-crc)
156. 3 31/12/18 12:16:18 ldap/pitaya.gggm.int@GGGM.INT (des-cbc-md5)
157. 3 31/12/18 12:16:18 ldap/PITAYA@GGGM.INT (des-cbc-md5)
158. 3 31/12/18 12:16:18 ldap/pitaya.gggm.int@GGGM.INT (aes128-cts-hmac-sha1-96)
159. 3 31/12/18 12:16:18 ldap/PITAYA@GGGM.INT (aes128-cts-hmac-sha1-96)
160. 3 31/12/18 12:16:18 ldap/pitaya.gggm.int@GGGM.INT (aes256-cts-hmac-sha1-96)
161. 3 31/12/18 12:16:18 ldap/PITAYA@GGGM.INT (aes256-cts-hmac-sha1-96)
162. 3 31/12/18 12:16:18 ldap/pitaya.gggm.int@GGGM.INT (arcfour-hmac)
163. 3 31/12/18 12:16:18 ldap/PITAYA@GGGM.INT (arcfour-hmac)
164. 3 31/12/18 12:16:18 restrictedkrbhost/pitaya.gggm.int@GGGM.INT (des-cbc-crc)
165. 3 31/12/18 12:16:18 restrictedkrbhost/PITAYA@GGGM.INT (des-cbc-crc)
166. 3 31/12/18 12:16:18 restrictedkrbhost/pitaya.gggm.int@GGGM.INT (des-cbc-md5)
167. 3 31/12/18 12:16:18 restrictedkrbhost/PITAYA@GGGM.INT (des-cbc-md5)
168. 3 31/12/18 12:16:18 restrictedkrbhost/pitaya.gggm.int@GGGM.INT (aes128-cts-hmac-sha1-96)
169. 3 31/12/18 12:16:18 restrictedkrbhost/PITAYA@GGGM.INT (aes128-cts-hmac-sha1-96)
170. 3 31/12/18 12:16:18 restrictedkrbhost/pitaya.gggm.int@GGGM.INT (aes256-cts-hmac-sha1-96)
171. 3 31/12/18 12:16:18 restrictedkrbhost/PITAYA@GGGM.INT (aes256-cts-hmac-sha1-96)
172. 3 31/12/18 12:16:18 restrictedkrbhost/pitaya.gggm.int@GGGM.INT (arcfour-hmac)
173. 3 31/12/18 12:16:18 restrictedkrbhost/PITAYA@GGGM.INT (arcfour-hmac)
174. 3 31/12/18 12:16:18 krbtgt/pitaya.gggm.int@GGGM.INT (des-cbc-crc)
175. 3 31/12/18 12:16:18 krbtgt/PITAYA@GGGM.INT (des-cbc-crc)
176. 3 31/12/18 12:16:18 krbtgt/pitaya.gggm.int@GGGM.INT (des-cbc-md5)
177. 3 31/12/18 12:16:18 krbtgt/PITAYA@GGGM.INT (des-cbc-md5)
178. 3 31/12/18 12:16:18 krbtgt/pitaya.gggm.int@GGGM.INT (aes128-cts-hmac-sha1-96)
179. 3 31/12/18 12:16:19 krbtgt/PITAYA@GGGM.INT (aes128-cts-hmac-sha1-96)
180. 3 31/12/18 12:16:19 krbtgt/pitaya.gggm.int@GGGM.INT (aes256-cts-hmac-sha1-96)
181. 3 31/12/18 12:16:19 krbtgt/PITAYA@GGGM.INT (aes256-cts-hmac-sha1-96)
182. 3 31/12/18 12:16:19 krbtgt/pitaya.gggm.int@GGGM.INT (arcfour-hmac)
183. 3 31/12/18 12:16:19 krbtgt/PITAYA@GGGM.INT (arcfour-hmac)
184. 3 31/12/18 12:16:19 PITAYA$@GGGM.INT (arcfour-hmac)
185. 3 31/12/18 12:16:19 PITAYA$@GGGM.INT (aes256-cts-hmac-sha1-96)
186. 3 31/12/18 12:16:19 PITAYA$@GGGM.INT (aes128-cts-hmac-sha1-96)
187. 3 31/12/18 12:16:19 PITAYA$@GGGM.INT (des-cbc-md5)
188. 3 31/12/18 12:16:19 PITAYA$@GGGM.INT (des-cbc-crc)
189.  
190. root@pitaya ~ # wbinfo -a ghigad
191. Enter ghigad's password:
192. plaintext password authentication succeeded
193. Enter ghigad's password:
194. challenge/response password authentication failed
195. wbcAuthenticateUserEx(GGGMghigad): error code was NT_STATUS_WRONG_PASSWORD (0xc000006a)
196. error message was: Wrong Password
197. Could not authenticate user ghigad with challenge/response
198. root@pitaya ~ #
199.  
200. root@pitaya ~ # kinit -k
201. kinit: Preauthentication failed while getting initial credentials
202. root@pitaya ~ #
203.  
204. [2019/01/03 12:51:23.391820, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
205. Kerberos: Failed to decrypt PA-DATA -- host/pitaya.gggm.int@GGGM.INT (enctype aes256-cts-hmac-sha1-96) error Decrypt integrity check failed for checksum type hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96
206. [2019/01/03 12:51:23.392318, 5] ../source4/dsdb/common/util.c:5252(dsdb_update_bad_pwd_count)
207. Not updating badPwdCount on CN=PITAYA,OU=Domain Controllers,DC=gggm,DC=int after wrong password
208. [2019/01/03 12:51:23.392435, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
209. Kerberos: Failed to decrypt PA-DATA -- host/pitaya.gggm.int@GGGM.INT