Hello List, I am (unsuccessfully) trying to automatically get a valid kerberos ticket for my linux box. I have - in a test environment: - a windows 2000 server with Active directory and DNS properly set up. - a suse linux 9.0 router with samba3.0.2.rc.1 and heimdal 0.6.-67. - I am able to join the domain and get a valid ticket through kinit, if I enter the Administrator's password or the userdata with password from some account in the Administrator group. - Filetransfer and Name services and winbind work flawlessly, as long as there is a valid ticket. I have googled and read in mailing lists, and became good advice (thanks chris!) on how to get a ticket wih a cronjob and a keytab file: - On the ADS-KDC I created a user, to whose account the new kerberos principal is to be mapped, - which I did by typing "ktpass -princ host/hostname@REALM -mapuser username -pass password -out keyfile", like microsoft explains on their techinfo sites. - Then I transferred the keyfile to the linux box and tried to use it for kinit with the -k and -t switches. BUT: All I got is: Additional pre-authentication required. (which seems to be the least explanatory of all samba errors...) Here follow my tries: --------------SCHNIPP------------------------ linux-router:~ # kinit --use-keytab -t /etc/krb5.keytab kinit: krb5_get_init_creds: Additional pre-authentication required linux-router:~ # ktutil -k /etc/krb5.keytab list /etc/krb5.keytab: Vno Type Principal 1 des-cbc-crc host/linux-router.linux.xxxxx.local@LINUX.XXXXX.LOCAL linux-router:~ # kinit -k host/linux-router.linux.xxxxxx.local kinit: krb5_get_init_creds: Additional pre-authentication required #linux-router:~ # kinit host/linux-router.linux.xxxxx.local host/linux-router.linux.xxxxx.local@LINUX.XXXXX.LOCAL's Password: linux-router:~ # -------------SCNHAPP-------------------------- The funny thing is: - I can get a ticket with any valid useraccount in the Administrator group. - the User Mapping on the windows box seems to work, because I enter the user's password with kinit host/..... and i get a ticket. Who can help? Where is my mistake? Thanks a lot in advance -- Mit freundlichen Grüßen Markus Feilner -- Linux Solutions, Training, Seminare und Workshops - auch Inhouse Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg fon: +49 941 70 65 23 - mobil: +49 170 302 709 2 web: http://feilner-it.net mail: mfeilner@feilner-it.net