Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- pitaya
- search gggm.int
- nameserver 192.168.2.26
- [libdefaults]
- default_realm = GGGM.INT
- dns_lookup_realm = false
- dns_lookup_kdc = true
- [domain_realm]
- .gggm.int = GGGM.INT
- [global]
- netbios name = PITAYA
- realm = GGGM.INT
- workgroup = GGGM
- server role = active directory domain controller
- dns forwarder = 192.168.2.1
- idmap_ldb:use rfc2307 = yes
- log level = 2
- server string = Pitaya
- winbind enum users = yes
- winbind enum groups = yes
- template homedir = /home/%U
- template shell = /bin/bash
- username map = /etc/samba/user.map
- kerberos method = secrets and keytab
- tls enabled = yes
- tls keyfile = /var/lib/samba/private/tls/sambaKey.pem
- tls certfile = /var/lib/samba/private/tls/sambaCert.pem
- tls cafile = /var/lib/samba/private/tls/crt.ca-chain.pem
- <Share configuration skipped...>
- [sssd]
- services = nss, pam, sudo, ssh
- config_file_version = 2
- domains = GGGM.INT
- full_name_format = %1$s
- [domain/GGGM.INT]
- ad_domain = gggm.int
- id_provider = ad
- auth_provider = ad
- access_provider = ad
- sudo_provider = ad
- use_fully_qualified_names = false
- ldap_id_mapping = false
- ldap_referrals = false
- override_homedir = /home/%u
- enumerate = true
- ldap_sudo_search_base = OU=sudoers,OU=gggm.int,DC=gggm,DC=int
- ad_gpo_access_control = permissive
- dyndns_update = false
- Linux pitaya 4.14.79-v7+ #1159 SMP Sun Nov 4 17:50:20 GMT 2018 armv7l GNU/Linux
- root@pitaya ~ # host pitaya
- pitaya.gggm.int has address 192.168.2.26
- root@pitaya ~ # host 192.168.2.26
- 26.2.168.192.in-addr.arpa domain name pointer pitaya.gggm.int.
- root@pitaya ~ # host -t SRV _ldap._tcp.gggm.int
- _ldap._tcp.gggm.int has SRV record 0 100 389 pitaya.gggm.int.
- root@pitaya ~ # host -t SRV _kerberos._tcp.gggm.int
- _kerberos._tcp.gggm.int has SRV record 0 100 88 pitaya.gggm.int.
- root@pitaya ~ #
- root@pitaya ~ # kinit ghigad
- Password for ghigad@GGGM.INT:
- root@pitaya ~ # klist
- Ticket cache: FILE:/tmp/krb5cc_0
- Default principal: ghigad@GGGM.INT
- Valid starting Expires Service principal
- 03/01/19 12:38:35 03/01/19 22:38:35 krbtgt/GGGM.INT@GGGM.INT
- renew until 04/01/19 12:38:32
- root@pitaya ~ #
- root@pitaya ~ # smbclient -k -L pitaya
- Domain=[GGGM] OS=[Windows 6.1] Server=[Samba 4.5.12-Debian]
- Sharename Type Comment
- --------- ---- -------
- netlogon Disk
- sysvol Disk
- IPC$ IPC IPC Service (Pitaya)
- Domain=[GGGM] OS=[Windows 6.1] Server=[Samba 4.5.12-Debian]
- Server Comment
- --------- -------
- Workgroup Master
- --------- -------
- root@pitaya ~ #
- root@pitaya ~ # kdestroy
- root@pitaya ~ # kinit -k PITAYA$
- root@pitaya ~ # klist
- Ticket cache: FILE:/tmp/krb5cc_0
- Default principal: PITAYA$@GGGM.INT
- Valid starting Expires Service principal
- 03/01/19 12:43:17 03/01/19 22:43:17 krbtgt/GGGM.INT@GGGM.INT
- renew until 04/01/19 12:43:17
- root@pitaya ~ #
- checking the NETLOGON for domain[GGGM] dc connection to "pitaya.gggm.int" succeeded
- root@pitaya ~ # samba-tool dbcheck
- Processing section "[netlogon]"
- Processing section "[sysvol]"
- pm_process() returned Yes
- schema_fsmo_init: we are master[yes] updates allowed[no]
- schema_fsmo_init: we are master[yes] updates allowed[no]
- Checking 400 objects
- Checked 400 objects (0 errors)
- root@pitaya ~ # klist -kte
- Keytab name: FILE:/etc/krb5.keytab
- KVNO Timestamp Principal
- ---- ----------------- --------------------------------------------------------
- 3 31/12/18 12:16:18 host/pitaya.gggm.int@GGGM.INT (des-cbc-crc)
- 3 31/12/18 12:16:18 host/PITAYA@GGGM.INT (des-cbc-crc)
- 3 31/12/18 12:16:18 host/pitaya.gggm.int@GGGM.INT (des-cbc-md5)
- 3 31/12/18 12:16:18 host/PITAYA@GGGM.INT (des-cbc-md5)
- 3 31/12/18 12:16:18 host/pitaya.gggm.int@GGGM.INT (aes128-cts-hmac-sha1-96)
- 3 31/12/18 12:16:18 host/PITAYA@GGGM.INT (aes128-cts-hmac-sha1-96)
- 3 31/12/18 12:16:18 host/pitaya.gggm.int@GGGM.INT (aes256-cts-hmac-sha1-96)
- 3 31/12/18 12:16:18 host/PITAYA@GGGM.INT (aes256-cts-hmac-sha1-96)
- 3 31/12/18 12:16:18 host/pitaya.gggm.int@GGGM.INT (arcfour-hmac)
- 3 31/12/18 12:16:18 host/PITAYA@GGGM.INT (arcfour-hmac)
- 3 31/12/18 12:16:18 gc/pitaya.gggm.int@GGGM.INT (des-cbc-crc)
- 3 31/12/18 12:16:18 gc/PITAYA@GGGM.INT (des-cbc-crc)
- 3 31/12/18 12:16:18 gc/pitaya.gggm.int@GGGM.INT (des-cbc-md5)
- 3 31/12/18 12:16:18 gc/PITAYA@GGGM.INT (des-cbc-md5)
- 3 31/12/18 12:16:18 gc/pitaya.gggm.int@GGGM.INT (aes128-cts-hmac-sha1-96)
- 3 31/12/18 12:16:18 gc/PITAYA@GGGM.INT (aes128-cts-hmac-sha1-96)
- 3 31/12/18 12:16:18 gc/pitaya.gggm.int@GGGM.INT (aes256-cts-hmac-sha1-96)
- 3 31/12/18 12:16:18 gc/PITAYA@GGGM.INT (aes256-cts-hmac-sha1-96)
- 3 31/12/18 12:16:18 gc/pitaya.gggm.int@GGGM.INT (arcfour-hmac)
- 3 31/12/18 12:16:18 gc/PITAYA@GGGM.INT (arcfour-hmac)
- 3 31/12/18 12:16:18 e3514235-4b06-11d1-ab04-00c04fc2dcd2/pitaya.gggm.int@GGGM.INT (des-cbc-crc)
- 3 31/12/18 12:16:18 e3514235-4b06-11d1-ab04-00c04fc2dcd2/PITAYA@GGGM.INT (des-cbc-crc)
- 3 31/12/18 12:16:18 e3514235-4b06-11d1-ab04-00c04fc2dcd2/pitaya.gggm.int@GGGM.INT (des-cbc-md5)
- 3 31/12/18 12:16:18 e3514235-4b06-11d1-ab04-00c04fc2dcd2/PITAYA@GGGM.INT (des-cbc-md5)
- 3 31/12/18 12:16:18 e3514235-4b06-11d1-ab04-00c04fc2dcd2/pitaya.gggm.int@GGGM.INT (aes128-cts-hmac-sha1-96)
- 3 31/12/18 12:16:18 e3514235-4b06-11d1-ab04-00c04fc2dcd2/PITAYA@GGGM.INT (aes128-cts-hmac-sha1-96)
- 3 31/12/18 12:16:18 e3514235-4b06-11d1-ab04-00c04fc2dcd2/pitaya.gggm.int@GGGM.INT (aes256-cts-hmac-sha1-96)
- 3 31/12/18 12:16:18 e3514235-4b06-11d1-ab04-00c04fc2dcd2/PITAYA@GGGM.INT (aes256-cts-hmac-sha1-96)
- 3 31/12/18 12:16:18 e3514235-4b06-11d1-ab04-00c04fc2dcd2/pitaya.gggm.int@GGGM.INT (arcfour-hmac)
- 3 31/12/18 12:16:18 e3514235-4b06-11d1-ab04-00c04fc2dcd2/PITAYA@GGGM.INT (arcfour-hmac)
- 3 31/12/18 12:16:18 ldap/pitaya.gggm.int@GGGM.INT (des-cbc-crc)
- 3 31/12/18 12:16:18 ldap/PITAYA@GGGM.INT (des-cbc-crc)
- 3 31/12/18 12:16:18 ldap/pitaya.gggm.int@GGGM.INT (des-cbc-md5)
- 3 31/12/18 12:16:18 ldap/PITAYA@GGGM.INT (des-cbc-md5)
- 3 31/12/18 12:16:18 ldap/pitaya.gggm.int@GGGM.INT (aes128-cts-hmac-sha1-96)
- 3 31/12/18 12:16:18 ldap/PITAYA@GGGM.INT (aes128-cts-hmac-sha1-96)
- 3 31/12/18 12:16:18 ldap/pitaya.gggm.int@GGGM.INT (aes256-cts-hmac-sha1-96)
- 3 31/12/18 12:16:18 ldap/PITAYA@GGGM.INT (aes256-cts-hmac-sha1-96)
- 3 31/12/18 12:16:18 ldap/pitaya.gggm.int@GGGM.INT (arcfour-hmac)
- 3 31/12/18 12:16:18 ldap/PITAYA@GGGM.INT (arcfour-hmac)
- 3 31/12/18 12:16:18 restrictedkrbhost/pitaya.gggm.int@GGGM.INT (des-cbc-crc)
- 3 31/12/18 12:16:18 restrictedkrbhost/PITAYA@GGGM.INT (des-cbc-crc)
- 3 31/12/18 12:16:18 restrictedkrbhost/pitaya.gggm.int@GGGM.INT (des-cbc-md5)
- 3 31/12/18 12:16:18 restrictedkrbhost/PITAYA@GGGM.INT (des-cbc-md5)
- 3 31/12/18 12:16:18 restrictedkrbhost/pitaya.gggm.int@GGGM.INT (aes128-cts-hmac-sha1-96)
- 3 31/12/18 12:16:18 restrictedkrbhost/PITAYA@GGGM.INT (aes128-cts-hmac-sha1-96)
- 3 31/12/18 12:16:18 restrictedkrbhost/pitaya.gggm.int@GGGM.INT (aes256-cts-hmac-sha1-96)
- 3 31/12/18 12:16:18 restrictedkrbhost/PITAYA@GGGM.INT (aes256-cts-hmac-sha1-96)
- 3 31/12/18 12:16:18 restrictedkrbhost/pitaya.gggm.int@GGGM.INT (arcfour-hmac)
- 3 31/12/18 12:16:18 restrictedkrbhost/PITAYA@GGGM.INT (arcfour-hmac)
- 3 31/12/18 12:16:18 krbtgt/pitaya.gggm.int@GGGM.INT (des-cbc-crc)
- 3 31/12/18 12:16:18 krbtgt/PITAYA@GGGM.INT (des-cbc-crc)
- 3 31/12/18 12:16:18 krbtgt/pitaya.gggm.int@GGGM.INT (des-cbc-md5)
- 3 31/12/18 12:16:18 krbtgt/PITAYA@GGGM.INT (des-cbc-md5)
- 3 31/12/18 12:16:18 krbtgt/pitaya.gggm.int@GGGM.INT (aes128-cts-hmac-sha1-96)
- 3 31/12/18 12:16:19 krbtgt/PITAYA@GGGM.INT (aes128-cts-hmac-sha1-96)
- 3 31/12/18 12:16:19 krbtgt/pitaya.gggm.int@GGGM.INT (aes256-cts-hmac-sha1-96)
- 3 31/12/18 12:16:19 krbtgt/PITAYA@GGGM.INT (aes256-cts-hmac-sha1-96)
- 3 31/12/18 12:16:19 krbtgt/pitaya.gggm.int@GGGM.INT (arcfour-hmac)
- 3 31/12/18 12:16:19 krbtgt/PITAYA@GGGM.INT (arcfour-hmac)
- 3 31/12/18 12:16:19 PITAYA$@GGGM.INT (arcfour-hmac)
- 3 31/12/18 12:16:19 PITAYA$@GGGM.INT (aes256-cts-hmac-sha1-96)
- 3 31/12/18 12:16:19 PITAYA$@GGGM.INT (aes128-cts-hmac-sha1-96)
- 3 31/12/18 12:16:19 PITAYA$@GGGM.INT (des-cbc-md5)
- 3 31/12/18 12:16:19 PITAYA$@GGGM.INT (des-cbc-crc)
- root@pitaya ~ # wbinfo -a ghigad
- Enter ghigad's password:
- plaintext password authentication succeeded
- Enter ghigad's password:
- challenge/response password authentication failed
- wbcAuthenticateUserEx(GGGMghigad): error code was NT_STATUS_WRONG_PASSWORD (0xc000006a)
- error message was: Wrong Password
- Could not authenticate user ghigad with challenge/response
- root@pitaya ~ #
- root@pitaya ~ # kinit -k
- kinit: Preauthentication failed while getting initial credentials
- root@pitaya ~ #
- [2019/01/03 12:51:23.391820, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
- Kerberos: Failed to decrypt PA-DATA -- host/pitaya.gggm.int@GGGM.INT (enctype aes256-cts-hmac-sha1-96) error Decrypt integrity check failed for checksum type hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96
- [2019/01/03 12:51:23.392318, 5] ../source4/dsdb/common/util.c:5252(dsdb_update_bad_pwd_count)
- Not updating badPwdCount on CN=PITAYA,OU=Domain Controllers,DC=gggm,DC=int after wrong password
- [2019/01/03 12:51:23.392435, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
- Kerberos: Failed to decrypt PA-DATA -- host/pitaya.gggm.int@GGGM.INT
Add Comment
Please, Sign In to add comment