OD Users not Authenticating for File Shares - Yosemite
Hello,
Wondering if someone can help me make sense of this log. The problem is that user seem unable to authenticate to access their file shares over SMB. AFP connection works. I am still getting my head around it but am I right that this might have something to do with Kerberos as each protocol interacts differently with kerberos?
Server.app 4.0.3
Yosemite 10.10.2
There are updates to these but I wouldn't mind feeling like I had some understanding of the actual issue first. The first 3 lines are repeated over and over again.
Apr 29 12:37:17 micserver1.city.internal.mic digest-service[248]: digest-request: uid=0
Apr 29 12:37:17 micserver1.city.internal.mic digest-service[248]: digest-request: init request
Apr 29 12:37:17 micserver1.city.internal.mic digest-service[248]: digest-request: init return domain: MIC-SERVER-1 server: MICSERVER1 indomain was: <NULL>
Apr 29 12:37:24 micserver1.city.internal.mic kdc[10137]: AS-REQ username@MICSERVER1.CITY.INTERNAL.MIC from 10.2.1.211:51845 for krbtgt/MICSERVER1.CITY.INTERNAL.MIC@MICSERVER1.CITY.INTERNAL.MIC
Apr 29 12:37:24 micserver1.city.internal.mic sandboxd[609] ([10137]): kdc(10137) deny file-read-data /private/etc/krb5.conf
Apr 29 12:37:24 micserver1.city.internal.mic kdc[10137]: AS-REQ username@MICSERVER1.CITY.INTERNAL.MIC from 10.2.1.211:51845 for krbtgt/MICSERVER1.CITY.INTERNAL.MIC@MICSERVER1.CITY.INTERNAL.MIC
Apr 29 12:37:24 micserver1.city.internal.mic kdc[10137]: Client sent patypes: REQ-ENC-PA-REP
Apr 29 12:37:24 micserver1.city.internal.mic kdc[10137]: user has no SRP keys
Apr 29 12:37:24 micserver1.city.internal.mic kdc[10137]: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ
Apr 29 12:37:24 micserver1.city.internal.mic kdc[10137]: AS-REQ username@MICSERVER1.CITY.INTERNAL.MIC from 10.2.1.211:60842 for krbtgt/MICSERVER1.CITY.INTERNAL.MIC@MICSERVER1.CITY.INTERNAL.MIC
Apr 29 12:37:24 --- last message repeated 1 time ---
Apr 29 12:37:24 micserver1.city.internal.mic kdc[10137]: Client sent patypes: ENC-TS, REQ-ENC-PA-REP
Apr 29 12:37:24 micserver1.city.internal.mic kdc[10137]: ENC-TS pre-authentication succeeded -- username@MICSERVER1.CITY.INTERNAL.MIC
Apr 29 12:37:24 micserver1.city.internal.mic kdc[10137]: DSUpdateLoginStatus: Unable to synchronize login time for username: 77009
Apr 29 12:37:24 micserver1.city.internal.mic kdc[10137]: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
Apr 29 12:37:24 micserver1.city.internal.mic kdc[10137]: Requested flags: forwardable
Apr 29 12:37:25 micserver1.city.internal.mic kdc[10137]: TGS-REQ username@MICSERVER1.CITY.INTERNAL.MIC from 10.2.1.211:51372 for host/users-imac.local@MICSERVER1.CITY.INTERNAL.MIC [canonicalize, forwardable]
Apr 29 12:37:25 micserver1.city.internal.mic kdc[10137]: Searching referral for users-imac.local
Apr 29 12:37:25 micserver1.city.internal.mic kdc[10137]: Server not found in database: krbtgt/LOCAL@MICSERVER1.CITY.INTERNAL.MIC: no such entry found in hdb
Apr 29 12:37:25 micserver1.city.internal.mic kdc[10137]: Failed building TGS-REP to 10.2.1.211:51372
Apr 29 12:37:25 micserver1.city.internal.mic kdc[10137]: TGS-REQ username@MICSERVER1.CITY.INTERNAL.MIC from 10.2.1.211:53028 for krbtgt/LOCAL@MICSERVER1.CITY.INTERNAL.MIC [forwardable]
Apr 29 12:37:25 micserver1.city.internal.mic kdc[10137]: Server not found in database: krbtgt/LOCAL@MICSERVER1.CITY.INTERNAL.MIC: no such entry found in hdb
Apr 29 12:37:25 micserver1.city.internal.mic kdc[10137]: Failed building TGS-REP to 10.2.1.211:53028
Apr 29 12:37:25 micserver1.city.internal.mic kdc[10137]: TGS-REQ username@MICSERVER1.CITY.INTERNAL.MIC from 10.2.1.211:57588 for ldap/micserver1.city.internal.mic@MICSERVER1.CITY.INTERNAL.MIC [canonicalize, forwardable]
Apr 29 12:37:25 micserver1.city.internal.mic kdc[10137]: TGS-REQ username@MICSERVER1.CITY.INTERNAL.MIC from 10.2.1.211:57403 for ldap/micserver1.city.internal.mic@MICSERVER1.CITY.INTERNAL.MIC [forwardable]
Apr 29 12:37:26 micserver1.city.internal.mic kdc[10137]: AS-REQ username@MICSERVER1.CITY.INTERNAL.MIC from 10.2.1.211:50851 for krbtgt/MICSERVER1.CITY.INTERNAL.MIC@MICSERVER1.CITY.INTERNAL.MIC
Apr 29 12:37:26 --- last message repeated 1 time ---
Apr 29 12:37:26 micserver1.city.internal.mic kdc[10137]: Client sent patypes: REQ-ENC-PA-REP
Apr 29 12:37:26 micserver1.city.internal.mic kdc[10137]: user has no SRP keys
Apr 29 12:37:26 micserver1.city.internal.mic kdc[10137]: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ
Apr 29 12:37:26 micserver1.city.internal.mic kdc[10137]: AS-REQ username@MICSERVER1.CITY.INTERNAL.MIC from 10.2.1.211:60809 for krbtgt/MICSERVER1.CITY.INTERNAL.MIC@MICSERVER1.CITY.INTERNAL.MIC
Apr 29 12:37:26 --- last message repeated 1 time ---
Apr 29 12:37:26 micserver1.city.internal.mic kdc[10137]: Client sent patypes: ENC-TS, REQ-ENC-PA-REP
Apr 29 12:37:26 micserver1.city.internal.mic kdc[10137]: ENC-TS pre-authentication succeeded -- username@MICSERVER1.CITY.INTERNAL.MIC
Apr 29 12:37:26 micserver1.city.internal.mic kdc[10137]: DSUpdateLoginStatus: Unable to synchronize login time for username: 77009
Apr 29 12:37:26 micserver1.city.internal.mic kdc[10137]: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
Apr 29 12:37:26 micserver1.city.internal.mic kdc[10137]: Requested flags: renewable, forwardable
Apr 29 12:37:26 micserver1.city.internal.mic kdc[10137]: AS-REQ username@MICSERVER1.CITY.INTERNAL.MIC from 10.2.1.211:57527 for krbtgt/MICSERVER1.CITY.INTERNAL.MIC@MICSERVER1.CITY.INTERNAL.MIC
Apr 29 12:37:26 --- last message repeated 1 time ---
Apr 29 12:37:26 micserver1.city.internal.mic kdc[10137]: Client sent patypes: REQ-ENC-PA-REP
Apr 29 12:37:26 micserver1.city.internal.mic kdc[10137]: user has no SRP keys
Apr 29 12:37:26 micserver1.city.internal.mic kdc[10137]: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ
Apr 29 12:37:26 micserver1.city.internal.mic kdc[10137]: AS-REQ username@MICSERVER1.CITY.INTERNAL.MIC from 10.2.1.211:60960 for krbtgt/MICSERVER1.CITY.INTERNAL.MIC@MICSERVER1.CITY.INTERNAL.MIC
Apr 29 12:37:26 --- last message repeated 1 time ---
——Removed Repeats——
Apr 29 12:37:26 micserver1.city.internal.mic kdc[10137]: TGS-REQ username@MICSERVER1.CITY.INTERNAL.MIC from 10.2.1.211:51420 for ldap/micserver1.city.internal.mic@MICSERVER1.CITY.INTERNAL.MIC [forwardable]
Apr 29 12:37:27 micserver1.city.internal.mic kdc[10137]: TGS-REQ username@MICSERVER1.CITY.INTERNAL.MIC from 10.2.1.211:49892 for afpserver/micserver2.city.internal.mic@MICSERVER1.CITY.INTERNAL.MIC [canonicalize, forwardable]
Apr 29 12:37:27 micserver1.city.internal.mic kdc[10137]: TGS-REQ username@MICSERVER1.CITY.INTERNAL.MIC from 10.2.1.211:55670 for afpserver/micserver2.city.internal.mic@MICSERVER1.CITY.INTERNAL.MIC [forwardable]
Apr 29 12:37:27 micserver1.city.internal.mic digest-service[248]: digest-request: uid=0
Apr 29 12:37:27 micserver1.city.internal.mic digest-service[248]: digest-request: init request
Apr 29 12:37:27 micserver1.city.internal.mic digest-service[248]: digest-request: init return domain: MIC-SERVER-1 server: MICSERVER1 indomain was: <NULL>
iMac, OS X Yosemite (10.10)