Carlos A. P. Cunha
2017-Jan-09 10:59 UTC
[Samba] kerberos_kinit_password failed: Preauthentication failed
Hello! I do not use sssd use winbind. When I mentioned in the lines workgroup and realm, they are like this (for example) Workgroup = INTRNAL Realm = INTERNAL.TESTE.COM.BR I do not know if that was what caused the confusion .... Thanks Em 08-01-2017 20:28, Rowland Penny via samba escreveu:> On Sun, 8 Jan 2017 20:04:41 -0200 > "Carlos A. P. Cunha" <carlos.hollow at gmail.com> wrote: > >> Hello! >> >> My smb.conf >> >> [global] >> workgroup = <DOMAIN> >> realm = <SUBDOMAIN.DOMAIN.COM.BR> >> >> security = ADS >> idmap config * : backend = rid >> idmap config * : range = 100000-999999 >> >> client schannel = no >> allow trusted domains = yes >> winbind use default domain = yes >> winbind refresh tickets = Yes >> winbind offline logon = no >> winbind cache time = 60 >> winbind enum users = yes >> winbind enum groups = yes >> template shell = /bin/bash >> template homedir = /home/%U >> >> vfs objects = acl_xattr >> map acl inherit = yes >> store dos attributes = yes >> > OK, are you using sssd ?, If you are this isn't a Samba problem, or > are you trying to run the Samba AD DC as a subdomain of another > domain ? If you are, sorry but it doesn't (yet) work. > > Rowland > >
Rowland Penny
2017-Jan-09 11:16 UTC
[Samba] kerberos_kinit_password failed: Preauthentication failed
On Mon, 9 Jan 2017 08:59:40 -0200 "Carlos A. P. Cunha" <carlos.hollow at gmail.com> wrote:> Hello! > I do not use sssd use winbind. > When I mentioned in the lines workgroup and realm, they are like this > (for example) > > Workgroup = INTRNAL > Realm = INTERNAL.TESTE.COM.BR > > I do not know if that was what caused the confusion .... >Yes it was, if you are going to sanitize smb.conf (or anything) please use the same thing everywhere ;-) Your 'idmap config' set up is entirely wrong, you should use 'tdb' for the '*' domain and you should also have a separate range for the 'INTERNAL' domain i.e. you should have lines similar to these: idmap config *:backend = tdb idmap config *:range = 2000-9999 idmap config INTERNAL : backend = rid idmap config INTERNAL : range = 10000-999999 Rowland
Carlos A. P. Cunha
2017-Jan-09 12:17 UTC
[Samba] kerberos_kinit_password failed: Preauthentication failed
Rowland I'm guessing I was wrong, but my fear now is that I change this setting, change my UID / GID, and stop sharing accesses. Is this going to happen? But by the very doubt, would that affect my problem, since it seems to be something with kerberos? Thanks Em 09-01-2017 09:16, Rowland Penny via samba escreveu:> On Mon, 9 Jan 2017 08:59:40 -0200 > "Carlos A. P. Cunha" <carlos.hollow at gmail.com> wrote: > >> Hello! >> I do not use sssd use winbind. >> When I mentioned in the lines workgroup and realm, they are like this >> (for example) >> >> Workgroup = INTRNAL >> Realm = INTERNAL.TESTE.COM.BR >> >> I do not know if that was what caused the confusion .... >> > Yes it was, if you are going to sanitize smb.conf (or anything) please > use the same thing everywhere ;-) > > Your 'idmap config' set up is entirely wrong, you should use 'tdb' for > the '*' domain and you should also have a separate range for the > 'INTERNAL' domain > i.e. you should have lines similar to these: > > idmap config *:backend = tdb > idmap config *:range = 2000-9999 > idmap config INTERNAL : backend = rid > idmap config INTERNAL : range = 10000-999999 > > Rowland > >
Reasonably Related Threads
- kerberos_kinit_password failed: Preauthentication failed
- kerberos_kinit_password failed: Preauthentication failed
- kerberos_kinit_password failed: Preauthentication failed
- kerberos_kinit_password failed: Preauthentication failed
- kerberos_kinit_password failed: Preauthentication failed