Hi, Some more details below (sorry for the fuss) Frans Spiesschaert schreef op do 19-12-2024 om 23:27 [+0100]: > Hi, > > Some additional information below > > Frans Spiesschaert schreef op do 19-12-2024 om 17:39 [+0100]: > > Hi, > > > > After I changed a diskless workstation into a workstation, users > > are > > no > > longer able to log into it. > > I installed the system via the servers PXE menu. > > I added it to Gosa with sitesummary2ldapdhcp. > > I made the system a member of the NIS Netgroups all-hosts, > > fsautoresize-hosts, printer-hosts, workstation-hosts. > > I rebooted the system, logged into it as root and did run > > /usr/share/debian-edu-config/tools/copy-host-keytab. > > > > So far so good, but after I rebooted the system again, still only > > root > > is able to log into it. > > > > /var/log/auth.log reads as follows: > > > > 2024-12-19T16:58:06.101160+01:00 Joy-it lightdm: > > pam_krb5(lightdm:auth): (user lieve) credential verification > > failed: > > Cannot find key for host/Joy-it.intern@INTERN kvno 3 in keytab > > This entry shows that lightdm is looking for a key with a kvno value > of > 3 in the keytab file, but this value is set to 2 in the host keytab: > > ktutil: read_kt /etc/krb5.keytab > ktutil: list > slot KVNO Principal > ---- ---- ----------------------------------------------------------- > -- > 1 2 host/Joy-it.intern@INTERN > 2 2 host/Joy-it.intern@INTERN > 3 2 nfs/Joy-it.intern@INTERN > 4 2 nfs/Joy-it.intern@INTERN > > I have no clue how to lower the kvno value in the lightdm request or > how to increase that value in /etc/krb5.keytab. Both on tjener and on Joy-it kvno is reporting a value of 3 for host/Joy-it.intern (in contrast to the value in the keytab file): frans@tjener:~$ sudo kvno host/Joy-it.intern host/Joy-it.intern@INTERN: kvno = 3 root@Joy-it:~# kvno host/Joy-it.intern host/Joy-it.intern@INTERN: kvno = 3 > > (After root did login to workstation Joy-it, user lieve does not have > any problem to get initial credentials at the command line with > kinit) > > > > > 2024-12-19T16:58:06.101375+01:00 Joy-it lightdm: > > pam_krb5(lightdm:auth): authentication failure; logname=lieve uid=0 > > euid=0 tty=:0 ruser= rhost= > > > > 2024-12-19T16:58:06.103157+01:00 Joy-it lightdm: > > pam_unix(lightdm:auth): authentication failure; logname= uid=0 > > euid=0 > > tty=:0 ruser= rhost= user=lieve > > > > 2024-12-19T16:58:25.664499+01:00 Joy-it lightdm: gkr-pam: unable to > > locate daemon control file > > > > 2024-12-19T16:58:25.664762+01:00 Joy-it lightdm: gkr-pam: stashed > > password to try later in open session > > > > 2024-12-19T16:58:25.847073+01:00 Joy-it lightdm: > > pam_unix(lightdm-greeter:session): session closed for user lightdm > > > > > > Anybody a hint to solve this issue? > > > > > -- Met vriendelijke groet, Frans Spiesschaert
Attachment:
signature.asc
Description: This is a digitally signed message part