Sebastian Arcus
2018-Mar-09 10:52 UTC
[Samba] Kerberos not working after moving Samba AD DC to new server
I am moving a Samba AD DC to a new server (I am merging two different hardware servers serving different functions). The new server has the same name as the old one, and same IP addresses on the network interfaces. I have moved the following directories: /var/lib/samba /var/cache/samba /etc/samba/ /var/named/ Samba will start, Bind starts (I'm using the Bind backend), the dns tests from Samba wiki work fine, but the following doesn't work and I can't figure out why: # kinit Administrator kinit: Cannot contact any KDC for realm 'MYDOMAIN.LAN' while getting initial credentials The domain name above is correct, but for some reason Kerberos doesn't seem to be working. Does the Kerberos side of things need any other files which I should have copied from the old server?
Sebastian Arcus
2018-Mar-09 11:20 UTC
[Samba] Kerberos not working after moving Samba AD DC to new server
On 09/03/18 10:52, Sebastian Arcus via samba wrote:> I am moving a Samba AD DC to a new server (I am merging two different > hardware servers serving different functions). The new server has the > same name as the old one, and same IP addresses on the network > interfaces. I have moved the following directories: > > /var/lib/samba > /var/cache/samba > /etc/samba/ > /var/named/ > > Samba will start, Bind starts (I'm using the Bind backend), the dns > tests from Samba wiki work fine, but the following doesn't work and I > can't figure out why: > > # kinit Administrator > kinit: Cannot contact any KDC for realm 'MYDOMAIN.LAN' while getting > initial credentials > > The domain name above is correct, but for some reason Kerberos doesn't > seem to be working. Does the Kerberos side of things need any other > files which I should have copied from the old server?Sorry for the confusion - I just checked the old server and I get the same error. Is there any way of troubleshooting Kerberos further?
Rob Thoman
2018-Mar-09 11:22 UTC
[Samba] Kerberos not working after moving Samba AD DC to new server
Check the kr5b.conf and confirm DNS is working On Fri, Mar 9, 2018 at 9:20 PM, Sebastian Arcus via samba < samba at lists.samba.org> wrote:> > On 09/03/18 10:52, Sebastian Arcus via samba wrote: > >> I am moving a Samba AD DC to a new server (I am merging two different >> hardware servers serving different functions). The new server has the same >> name as the old one, and same IP addresses on the network interfaces. I >> have moved the following directories: >> >> /var/lib/samba >> /var/cache/samba >> /etc/samba/ >> /var/named/ >> >> Samba will start, Bind starts (I'm using the Bind backend), the dns tests >> from Samba wiki work fine, but the following doesn't work and I can't >> figure out why: >> >> # kinit Administrator >> kinit: Cannot contact any KDC for realm 'MYDOMAIN.LAN' while getting >> initial credentials >> >> The domain name above is correct, but for some reason Kerberos doesn't >> seem to be working. Does the Kerberos side of things need any other files >> which I should have copied from the old server? >> > > Sorry for the confusion - I just checked the old server and I get the same > error. Is there any way of troubleshooting Kerberos further? > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Reasonably Related Threads
- Kerberos not working after moving Samba AD DC to new server
- NT_STATUS_ACCESS_DENIED listing \* on Samba AD - out of the blue
- vfs_recycle disables permissions inheritance on AD DC shares
- Kerberos issues
- NT_STATUS_ACCESS_DENIED listing \* on Samba AD - out of the blue