[NTLUG:Discuss] Making a spam shield server

Chris Cox cjcox at acm.org
Tue Feb 13 14:36:59 CST 2007


. Daniel wrote:
> Okay, so what do I do with this KDC stuff?
> 
> Good thing I didn't send this.  Ran a google on some of the error output (a 
> good practice that I never do enough is to simply copy the error message 
> and paste it into google.com... answers are to be found quite often!)
> 
> So I learned where someone said "your kerberos isn't configured correctly." 
>  So I went in and changed everything the way I "think" it should be.  Made 
> everything match the domain here and all that.  Made it use DNS lookups 
> too.  (It didn't work any differently when I didn't have DNS lookups 
> enabled.)  And now the error messages have changed for the better.  See 
> below:
> 
> ---
> Binding to domain with command /usr/bin/net join -U Administrator ..
> 
> Administrator's password: 
> [2007/02/13 13:41:07, 0] libads/ldap.c:ads_add_machine_acct(1405)
>   ads_add_machine_acct: Host account for huckshield already exists - 
> modifying old account
> [2007/02/13 13:41:08, 0] libads/kerberos.c:get_service_ticket(335)
>   get_service_ticket: kerberos_kinit_password 
> HUCKSHIELD$@HUCKABEE-INC.COM at HUCKABEE-INC.COM failed: Preauthentication 
> failed

The most popular reason for preauthentication failures with Kerberos
is that the machines are not time sync'd.  They have to have the
same time in order for this to work... I'd check into that.
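
One way to run the time check suggested above, as an added example that is not part of the original message: it measures the local clock's offset from the domain controller with a single SNTP query and compares it with the 300-second default Kerberos tolerance. It assumes the domain controller answers NTP on UDP port 123; the function names are hypothetical, and the sample reply is constructed.

```python
import socket, struct, sys, time

NTP_DELTA = 2208988800   # seconds from the NTP epoch (1900) to the Unix epoch (1970)
MAX_SKEW = 300           # default Kerberos clock-skew tolerance, in seconds

def to_ntp(t):
    """Encode Unix time as a 64-bit NTP timestamp (32.32 fixed point)."""
    secs = int(t)
    return struct.pack("!II", secs + NTP_DELTA, int((t - secs) * 2**32))

def from_ntp(buf, off):
    secs, frac = struct.unpack_from("!II", buf, off)
    return secs - NTP_DELTA + frac / 2**32

def clock_offset(reply, t1, t4):
    """Server clock minus local clock: ((T2 - T1) + (T3 - T4)) / 2."""
    if len(reply) < 48:
        raise ValueError("short NTP reply")
    if reply[0] & 0x07 != 4 or reply[1] == 0:   # mode 4 = server; stratum 0 = unusable
        raise ValueError("not a usable server reply")
    t2 = from_ntp(reply, 32)   # when the server received our request
    t3 = from_ntp(reply, 40)   # when the server sent its reply
    return ((t2 - t1) + (t3 - t4)) / 2

def within_kerberos_skew(offset, max_skew=MAX_SKEW):
    return abs(offset) <= max_skew

def query(server, timeout=3.0):
    """Send one SNTP client request to server:123 and return the offset."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t1 = time.time()
        s.sendto(b"\x23" + bytes(39) + to_ntp(t1), (server, 123))  # VN=4, mode=3
        reply, _ = s.recvfrom(512)
        t4 = time.time()
    return clock_offset(reply, t1, t4)

def make_reply(t2, t3):
    """Constructed 48-byte server reply (VN=4, mode=4, stratum 2) for offline runs."""
    return b"\x24\x02" + bytes(30) + to_ntp(t2) + to_ntp(t3)

if __name__ == "__main__":
    # With a hostname argument, query it; otherwise use a constructed reply 420 s ahead.
    off = query(sys.argv[1]) if len(sys.argv) > 1 else clock_offset(
        make_reply(1171400420.02, 1171400420.02), 1171400000.0, 1171400000.04)
    print(f"offset {off:+.2f}s:", "ok" if within_kerberos_skew(off) else "exceeds Kerberos tolerance")
```

Run it with the domain controller's hostname as the only argument; with no argument it evaluates the constructed reply.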


