Re: login into workstation impossible

To: debian-edu@lists.debian.org
Subject: Re: login into workstation impossible
From: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>
Date: Thu, 19 Dec 2024 23:27:21 +0100
Message-id: <[🔎] 36a037b0906ae18517d74d68f2c5bbbcafd6734b.camel@yucom.be>
In-reply-to: <[🔎] 7157d3c08119d84224d4325a5c5a268192442ed5.camel@yucom.be>
References: <[🔎] 7157d3c08119d84224d4325a5c5a268192442ed5.camel@yucom.be>

Hi,

Some additional information below

Frans Spiesschaert schreef op do 19-12-2024 om 17:39 [+0100]:
> Hi,
> 
> After I changed a diskless workstation into a workstation, users are
> no
> longer able to log into it.
> I installed the system via the servers PXE menu.
> I added it to Gosa with sitesummary2ldapdhcp.
> I made the system a member of the NIS Netgroups all-hosts,
> fsautoresize-hosts, printer-hosts, workstation-hosts.
> I rebooted the system, logged into it as root and did run
> /usr/share/debian-edu-config/tools/copy-host-keytab.
> 
> So far so good, but after I rebooted the system again, still only
> root
> is able to log into it.
> 
> /var/log/auth.log reads as follows:
> 
> 2024-12-19T16:58:06.101160+01:00 Joy-it lightdm:
> pam_krb5(lightdm:auth): (user lieve) credential verification failed:
> Cannot find key for host/Joy-it.intern@INTERN kvno 3 in keytab

This entry shows that lightdm is looking for a key with a kvno value of
3 in the keytab file, but this value is set to 2 in the host keytab:

ktutil:  read_kt /etc/krb5.keytab
ktutil:  list
slot KVNO Principal
---- ---- -------------------------------------------------------------
   1    2                host/Joy-it.intern@INTERN
   2    2                host/Joy-it.intern@INTERN
   3    2                 nfs/Joy-it.intern@INTERN
   4    2                 nfs/Joy-it.intern@INTERN

I have no clue how to lower the kvno value in the lightdm request or
how to increase that value in /etc/krb5.keytab.

(After root did login to workstation Joy-it, user lieve does not have
any problem to get initial credentials at the command line with kinit)

> 
> 2024-12-19T16:58:06.101375+01:00 Joy-it lightdm:
> pam_krb5(lightdm:auth): authentication failure; logname=lieve uid=0
> euid=0 tty=:0 ruser= rhost=
> 
> 2024-12-19T16:58:06.103157+01:00 Joy-it lightdm:
> pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0
> tty=:0 ruser= rhost=  user=lieve
> 
> 2024-12-19T16:58:25.664499+01:00 Joy-it lightdm: gkr-pam: unable to
> locate daemon control file
> 
> 2024-12-19T16:58:25.664762+01:00 Joy-it lightdm: gkr-pam: stashed
> password to try later in open session
> 
> 2024-12-19T16:58:25.847073+01:00 Joy-it lightdm:
> pam_unix(lightdm-greeter:session): session closed for user lightdm
> 
> 
> Anybody a hint to solve this issue?
>  
> 

-- 
Met vriendelijke groet,
Frans Spiesschaert

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Follow-Ups:
- Re: login into workstation impossible
  - From: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>

References:
- login into workstation impossible
  - From: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>

Prev by Date: login into workstation impossible
Next by Date: Re: login into workstation impossible
Previous by thread: login into workstation impossible
Next by thread: Re: login into workstation impossible
Index(es):
- Date
- Thread