Authentication failure ticket is ineligible for postdating

Cause: The password that you specified is in a password dictionary that is being used. Solution: Choose a password that has a mix of password classes.Cause: The system's replay cache could not be opened.The Kerberos service supports only the Kerberos V5 protocol.

authentication failure ticket is ineligible for postdating-36authentication failure ticket is ineligible for postdating-33authentication failure ticket is ineligible for postdating-56

The replay cache file is called Cause: Most likely, a Kerberos V4 request was sent to the KDC.

NET [kdc] profile = /var/kerberos/krb5kdc/[appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } Now it is a good idea to add your domain controller to your change: workgroup = EDMONSON add: realm = EDMONSON. NET change: server string = Linux Samba File Server change: security = ADS change: encrypt passwords = yes change: preferred master = no add: template shell = /bin/false add: template homedir = /home/%D/%U add: idmap uid = 10000-20000 add: idmap gid = 10000-20000 add: enhanced browsing = no add: winbind use default domain = yes Now you need to enable extended Access Control Lists (ACLs) on the filesystem that you will be using.

The easiest way to do that is to just reboot the machine, since sometimes there might be users with files open and you can’t unmount while that is going on.

I think there is an option to SAMBA to get it to do this when a user connects to the machine, but I couldn’t find it quickly today to set it.

If anyone knows what it is, just let me know and I will edit this to get it in there. You should now have a machine that will authenticate to the AD and show you the shares that you are allowed to access.