Omnis ludis - games
2024-Jun-24 08:52 UTC
[Samba] GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)
Good afternoon, please tell me there is such an infrastructure windows domain and samba domain between them, one-sided external outgoing trust relationships are set up, so that users from the windows domain can freely enter the samba domain, I entered the client into the samba domain and all users from the samba domain can safely pass to this client, but that's not the task of users they do not want to authenticate from the windows domain in any way when I try to log in to a client from the samba domain under them, I get the following error in sssd on the client, GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database), do I understand correctly that this works like this, the client accesses the samba domain controller, since there is no given user in samba, the request is redirected to the windows domain controller and that in turn must provide information about this to users from its database kerberos? but for some reason this does not happen, does anyone have at least some information on this error, I have already tried many different scenarios and can not log in as a user in any way, as if samba does not process information correctly, while if you build a two-way trusting relationship, then everything works as it should
Rowland Penny
2024-Jun-24 09:06 UTC
[Samba] GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)
On Mon, 24 Jun 2024 11:52:17 +0300 Omnis ludis - games via samba <samba at lists.samba.org> wrote:> Good afternoon, please tell me there is such an infrastructure windows > domain and samba domain between them, one-sided external outgoing > trust relationships are set up, so that users from the windows domain > can freely enter the samba domain, I entered the client into the > samba domain and all users from the samba domain can safely pass to > this client, but that's not the task of users they do not want to > authenticate from the windows domain in any way when I try to log in > to a client from the samba domain under them, I get the following > error in sssd on the client, GSSAPI Error: Unspecified GSS failure. > Minor code may provide more information (Server not found in Kerberos > database), do I understand correctly that this works like this, the > client accesses the samba domain controller, since there is no given > user in samba, the request is redirected to the windows domain > controller and that in turn must provide information about this to > users from its database kerberos? but for some reason this does not > happen, does anyone have at least some information on this error, I > have already tried many different scenarios and can not log in as a > user in any way, as if samba does not process information correctly, > while if you build a two-way trusting relationship, then everything > works as it shouldI suggest you should ask this question on the sssd-users mailing list. Samba does not produce sssd and hence, little is known about it. Rowland
Christian Naumer
2024-Jun-24 09:14 UTC
[Samba] GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)
Am 24.06.24 um 10:52 schrieb Omnis ludis - games via samba:> while if you build a two-way > trusting relationship, then everything works as it shouldAs far as I know Samba only supports two-way Trust. See here: https://wiki.samba.org/index.php/Active_Directory_Trusts "Both sides of the trust need to fully trust each other!" Regards Christian