Re: [SOLVED] login into workstation impossible

To: debian-edu@lists.debian.org
Subject: Re: [SOLVED] login into workstation impossible
From: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>
Date: Fri, 20 Dec 2024 23:25:33 +0100
Message-id: <[🔎] 8500906c40d703b75aee21b91f18acf688e614bb.camel@yucom.be>
In-reply-to: <[🔎] dae2c112ec0ecc10f597196351f3337a000fc921.camel@yucom.be>
References: <[🔎] 7157d3c08119d84224d4325a5c5a268192442ed5.camel@yucom.be> <[🔎] 36a037b0906ae18517d74d68f2c5bbbcafd6734b.camel@yucom.be> <[🔎] dae2c112ec0ecc10f597196351f3337a000fc921.camel@yucom.be>

Hi,

Frans Spiesschaert schreef op vr 20-12-2024 om 00:05 [+0100]:
> Hi,
> 
> Some more details below (sorry for the fuss)
> 
> Frans Spiesschaert schreef op do 19-12-2024 om 23:27 [+0100]:
> > Hi,
> > 
> > Some additional information below
> > 
> > Frans Spiesschaert schreef op do 19-12-2024 om 17:39 [+0100]:
> > > Hi,
> > > 
> > > After I changed a diskless workstation into a workstation, users
> > > are
> > > no
> > > longer able to log into it.
> > > I installed the system via the servers PXE menu.
> > > I added it to Gosa with sitesummary2ldapdhcp.
> > > I made the system a member of the NIS Netgroups all-hosts,
> > > fsautoresize-hosts, printer-hosts, workstation-hosts.
> > > I rebooted the system, logged into it as root and did run
> > > /usr/share/debian-edu-config/tools/copy-host-keytab.
> > > 
> > > So far so good, but after I rebooted the system again, still only
> > > root
> > > is able to log into it.
> > > 
> > > /var/log/auth.log reads as follows:
> > > 
> > > 2024-12-19T16:58:06.101160+01:00 Joy-it lightdm:
> > > pam_krb5(lightdm:auth): (user lieve) credential verification
> > > failed:
> > > Cannot find key for host/Joy-it.intern@INTERN kvno 3 in keytab
> > 
> > This entry shows that lightdm is looking for a key with a kvno
> > value
> > of
> > 3 in the keytab file, but this value is set to 2 in the host
> > keytab:
> > 
> > ktutil:  read_kt /etc/krb5.keytab
> > ktutil:  list
> > slot KVNO Principal
> > ---- ---- ---------------------------------------------------------
> > --
> > --
> >    1    2                host/Joy-it.intern@INTERN
> >    2    2                host/Joy-it.intern@INTERN
> >    3    2                 nfs/Joy-it.intern@INTERN
> >    4    2                 nfs/Joy-it.intern@INTERN
> > 
> > I have no clue how to lower the kvno value in the lightdm request
> > or
> > how to increase that value in /etc/krb5.keytab.
> 
> Both on tjener and on Joy-it kvno is reporting a value of 3 for
> host/Joy-it.intern (in contrast to the value in the keytab file):
> 
> frans@tjener:~$ sudo kvno host/Joy-it.intern
> host/Joy-it.intern@INTERN: kvno = 3
> 
> root@Joy-it:~# kvno host/Joy-it.intern
> host/Joy-it.intern@INTERN: kvno = 3
> 
> 
> 
On tjener as root I just had to reset the kvno values with
kadmin.local  -q "modify_principal -kvno 2 host/Joy-it.intern@INTERN"
kadmin.local  -q "modify_principal -kvno 2 nfs/Joy-it.intern@INTERN"

After a reboot of the Joy-it system, normal users were able to log into
it.

So problem solved, though I can't tell what caused it to appear.
And from now on I am a happy user of DebianEdu 12.

Cheers,
Frans Spiesschaert

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

References:
- login into workstation impossible
  - From: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>
- Re: login into workstation impossible
  - From: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>
- Re: login into workstation impossible
  - From: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>

Prev by Date: debian-edu-router is marked for autoremoval from testing
Previous by thread: Re: login into workstation impossible
Next by thread: password is not correct for added users.
Index(es):
- Date
- Thread