L.P.H. van Belle
2016-Sep-28 14:05 UTC
[Samba] Samba Member NT_STATUS_NETWORK_SESSION_EXPIRED
Hi Oliver , If you config is still the samba as i found in the list. On the member server, in smb.conf Change : realm = hq.kontrast To : realm = HQ.KONTRAST And whats in the krb5.conf of the member server? Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Oliver Werner via > samba > Verzonden: woensdag 28 september 2016 15:54 > Aan: Oliver Werner > CC: samba at lists.samba.org > Onderwerp: Re: [Samba] Samba Member NT_STATUS_NETWORK_SESSION_EXPIRED > > Any Ideas what i can test for fix the problem with kerberos…? > > > > > > Am 27.09.2016 um 09:05 schrieb Oliver Werner via samba > <samba at lists.samba.org>: > > > > Hi Rowland, > > > > i have tested unjion and join again the member. But that looks not > better :/. Any ideas? > > > > Best wishes > > OLIVER WERNER > > Systemadministrator > > > > > > > >> Am 23.09.2016 um 14:38 schrieb Oliver Werner via samba > <samba at lists.samba.org <mailto:samba at lists.samba.org>>: > >> > >> Yes the file /etc/krb5.keytab is exists. > >> > >> You mean this lines? > >> > >> dedicated keytab file = /etc/krb5.keytab > >> kerberos method = secrets and keytab > >> winbind refresh tickets = yes > >> > >> there was edits when i join the system. > >> OLIVER WERNER > >> Systemadministrator > >> > >> > >> > >> > >>> Am 23.09.2016 um 08:55 schrieb Rowland Penny via samba > <samba at lists.samba.org <mailto:samba at lists.samba.org> > <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org>>>: > >>> > >>> On Fri, 23 Sep 2016 07:25:40 +0200 > >>> Oliver Werner <oliver.werner at kontrast.de > <mailto:oliver.werner at kontrast.de> <mailto:oliver.werner at kontrast.de > <mailto:oliver.werner at kontrast.de>> <mailto:oliver.werner at kontrast.de > <mailto:oliver.werner at kontrast.de> <mailto:oliver.werner at kontrast.de > <mailto:oliver.werner at kontrast.de>>>> wrote: > >>> > >>>> hi, > >>>> > >>>> now after 10 hours my samba has the next crash and need to restart > >>>> winbind. > >>>> > >>>> Here are the list/kinit: > >>>> > >>>> # before kinit > >>>> pl0024:~# klist > >>>> klist: Credentials cache file '/tmp/krb5cc_0' not found > >>>> pl0024:~# kinit Administrator > >>>> Password for Administrator at HQ.KONTRAST: > >>>> pl0024:~# klist > >>>> Ticket cache: FILE:/tmp/krb5cc_0 > >>>> Default principal: Administrator at HQ.KONTRAST > >>>> > >>>> Valid starting Expires Service principal > >>>> 23.09.2016 07:21:04 23.09.2016 17:21:04 > >>>> krbtgt/HQ.KONTRAST at HQ.KONTRAST renew until 24.09.2016 07:20:56 > >>>> > >>>> thats the only one kerberos cache file in /tmp right now. > >>>> > >>>> looks like kerberos does not renew the ticket :(? > >>>> OLIVER WERNER > >>>> Systemadministrator > >>>> > >>> > >>> failing after 10hrs is very probably kerberos related, you should have > >>> a kerberos cache in /tmp for the machine. Does /etc/krb5.keytab exist > ? > >>> Did you have the kereberos lines in smb.conf when you joined the > >>> machine ? > >>> > >>> Rowland > >>> > >>> -- > >>> To unsubscribe from this list go to the following URL and read the > >>> instructions: https://lists.samba.org/mailman/options/samba > <https://lists.samba.org/mailman/options/samba> > <https://lists.samba.org/mailman/options/samba > <https://lists.samba.org/mailman/options/samba>> > <https://lists.samba.org/mailman/options/samba > <https://lists.samba.org/mailman/options/samba><https://lists.samba.org/ma > ilman/options/samba <https://lists.samba.org/mailman/options/samba>>> > >> -- > >> To unsubscribe from this list go to the following URL and read the > >> instructions: https://lists.samba.org/mailman/options/samba > <https://lists.samba.org/mailman/options/samba> > <https://lists.samba.org/mailman/options/samba > <https://lists.samba.org/mailman/options/samba>> > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > <https://lists.samba.org/mailman/options/samba> > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Oliver Werner
2016-Sep-28 14:08 UTC
[Samba] Samba Member NT_STATUS_NETWORK_SESSION_EXPIRED
Hi Louis, Thanks for your feedback. My krb.conf looks like: [libdefaults] default_realm = HQ.KONTRAST dns_lookup_realm = false dns_lookup_kdc = true So i change now in smb.conf in UPPER Case and will check this. Thx OLIVER WERNER Systemadministrator> Am 28.09.2016 um 16:05 schrieb L.P.H. van Belle via samba <samba at lists.samba.org>: > > Hi Oliver , > > If you config is still the samba as i found in the list. > > On the member server, in smb.conf > Change : realm = hq.kontrast > To : realm = HQ.KONTRAST > > And whats in the krb5.conf of the member server? > > > Greetz, > > Louis > > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org <mailto:samba-bounces at lists.samba.org>] Namens Oliver Werner via >> samba >> Verzonden: woensdag 28 september 2016 15:54 >> Aan: Oliver Werner >> CC: samba at lists.samba.org <mailto:samba at lists.samba.org> >> Onderwerp: Re: [Samba] Samba Member NT_STATUS_NETWORK_SESSION_EXPIRED >> >> Any Ideas what i can test for fix the problem with kerberos…? >> >> >> >> >>> Am 27.09.2016 um 09:05 schrieb Oliver Werner via samba >> <samba at lists.samba.org>: >>> >>> Hi Rowland, >>> >>> i have tested unjion and join again the member. But that looks not >> better :/. Any ideas? >>> >>> Best wishes >>> OLIVER WERNER >>> Systemadministrator >>> >>> >>> >>>> Am 23.09.2016 um 14:38 schrieb Oliver Werner via samba >> <samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org>>>: >>>> >>>> Yes the file /etc/krb5.keytab is exists. >>>> >>>> You mean this lines? >>>> >>>> dedicated keytab file = /etc/krb5.keytab >>>> kerberos method = secrets and keytab >>>> winbind refresh tickets = yes >>>> >>>> there was edits when i join the system. >>>> OLIVER WERNER >>>> Systemadministrator >>>> >>>> >>>> >>>> >>>>> Am 23.09.2016 um 08:55 schrieb Rowland Penny via samba >> <samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org>> >> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org>>>>: >>>>> >>>>> On Fri, 23 Sep 2016 07:25:40 +0200 >>>>> Oliver Werner <oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de> >> <mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de>> <mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de> >> <mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de>>> <mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de> >> <mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de>> <mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de> >> <mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de>>>>> wrote: >>>>> >>>>>> hi, >>>>>> >>>>>> now after 10 hours my samba has the next crash and need to restart >>>>>> winbind. >>>>>> >>>>>> Here are the list/kinit: >>>>>> >>>>>> # before kinit >>>>>> pl0024:~# klist >>>>>> klist: Credentials cache file '/tmp/krb5cc_0' not found >>>>>> pl0024:~# kinit Administrator >>>>>> Password for Administrator at HQ.KONTRAST <mailto:Administrator at HQ.KONTRAST>: >>>>>> pl0024:~# klist >>>>>> Ticket cache: FILE:/tmp/krb5cc_0 >>>>>> Default principal: Administrator at HQ.KONTRAST <mailto:Administrator at HQ.KONTRAST> >>>>>> >>>>>> Valid starting Expires Service principal >>>>>> 23.09.2016 07:21:04 23.09.2016 17:21:04 >>>>>> krbtgt/HQ.KONTRAST at HQ.KONTRAST <mailto:krbtgt/HQ.KONTRAST at HQ.KONTRAST> renew until 24.09.2016 07:20:56 >>>>>> >>>>>> thats the only one kerberos cache file in /tmp right now. >>>>>> >>>>>> looks like kerberos does not renew the ticket :(? >>>>>> OLIVER WERNER >>>>>> Systemadministrator >>>>>> >>>>> >>>>> failing after 10hrs is very probably kerberos related, you should have >>>>> a kerberos cache in /tmp for the machine. Does /etc/krb5.keytab exist >> ? >>>>> Did you have the kereberos lines in smb.conf when you joined the >>>>> machine ? >>>>> >>>>> Rowland >>>>> >>>>> -- >>>>> To unsubscribe from this list go to the following URL and read the >>>>> instructions: https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> >> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>> >> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> >> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>>> >> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> >> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>><https://lists.samba.org/ma <https://lists.samba.org/ma> >> ilman/options/samba <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>>>> >>>> -- >>>> To unsubscribe from this list go to the following URL and read the >>>> instructions: https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> >> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>> >> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> >> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>>> >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> >> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>
Oliver Werner
2016-Sep-30 07:03 UTC
[Samba] Samba Member NT_STATUS_NETWORK_SESSION_EXPIRED
hi, now i have changes the realm from hq.kontrast to HQ.KONTRAST Restart samba and winbind on all DCs and Members But thats same issue. Lost connection to DCs and need to Restart winbind on my Member. my DCs have also the krb.conf like this. is it correct?> [libdefaults] > default_realm = HQ.KONTRAST > dns_lookup_realm = false > dns_lookup_kdc = trueOLIVER WERNER Systemadministrator> Am 28.09.2016 um 16:08 schrieb Oliver Werner via samba <samba at lists.samba.org>: > > Hi Louis, > > Thanks for your feedback. > > My krb.conf looks like: > > [libdefaults] > default_realm = HQ.KONTRAST > dns_lookup_realm = false > dns_lookup_kdc = true > > > So i change now in smb.conf in UPPER Case and will check this. > > Thx > OLIVER WERNER > Systemadministrator > > >> Am 28.09.2016 um 16:05 schrieb L.P.H. van Belle via samba <samba at lists.samba.org <mailto:samba at lists.samba.org>>: >> >> Hi Oliver , >> >> If you config is still the samba as i found in the list. >> >> On the member server, in smb.conf >> Change : realm = hq.kontrast >> To : realm = HQ.KONTRAST >> >> And whats in the krb5.conf of the member server? >> >> >> Greetz, >> >> Louis >> >> >>> -----Oorspronkelijk bericht----- >>> Van: samba [mailto:samba-bounces at lists.samba.org <mailto:samba-bounces at lists.samba.org> <mailto:samba-bounces at lists.samba.org <mailto:samba-bounces at lists.samba.org>>] Namens Oliver Werner via >>> samba >>> Verzonden: woensdag 28 september 2016 15:54 >>> Aan: Oliver Werner >>> CC: samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org>> >>> Onderwerp: Re: [Samba] Samba Member NT_STATUS_NETWORK_SESSION_EXPIRED >>> >>> Any Ideas what i can test for fix the problem with kerberos…? >>> >>> >>> >>> >>>> Am 27.09.2016 um 09:05 schrieb Oliver Werner via samba >>> <samba at lists.samba.org <mailto:samba at lists.samba.org>>: >>>> >>>> Hi Rowland, >>>> >>>> i have tested unjion and join again the member. But that looks not >>> better :/. Any ideas? >>>> >>>> Best wishes >>>> OLIVER WERNER >>>> Systemadministrator >>>> >>>> >>>> >>>>> Am 23.09.2016 um 14:38 schrieb Oliver Werner via samba >>> <samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org>> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org><mailto:samba at lists.samba.org <mailto:samba at lists.samba.org>>>>: >>>>> >>>>> Yes the file /etc/krb5.keytab is exists. >>>>> >>>>> You mean this lines? >>>>> >>>>> dedicated keytab file = /etc/krb5.keytab >>>>> kerberos method = secrets and keytab >>>>> winbind refresh tickets = yes >>>>> >>>>> there was edits when i join the system. >>>>> OLIVER WERNER >>>>> Systemadministrator >>>>> >>>>> >>>>> >>>>> >>>>>> Am 23.09.2016 um 08:55 schrieb Rowland Penny via samba >>> <samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org>> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org><mailto:samba at lists.samba.org <mailto:samba at lists.samba.org>>> >>> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org>> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org><mailto:samba at lists.samba.org <mailto:samba at lists.samba.org>>>>>: >>>>>> >>>>>> On Fri, 23 Sep 2016 07:25:40 +0200 >>>>>> Oliver Werner <oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de> <mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de>> >>> <mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de> <mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de>>> <mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de><mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de>> >>> <mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de> <mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de>>>> <mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de><mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de>> >>> <mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de> <mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de>>> <mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de><mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de>> >>> <mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de> <mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de>>>>>> wrote: >>>>>> >>>>>>> hi, >>>>>>> >>>>>>> now after 10 hours my samba has the next crash and need to restart >>>>>>> winbind. >>>>>>> >>>>>>> Here are the list/kinit: >>>>>>> >>>>>>> # before kinit >>>>>>> pl0024:~# klist >>>>>>> klist: Credentials cache file '/tmp/krb5cc_0' not found >>>>>>> pl0024:~# kinit Administrator >>>>>>> Password for Administrator at HQ.KONTRAST <mailto:Administrator at HQ.KONTRAST> <mailto:Administrator at HQ.KONTRAST <mailto:Administrator at HQ.KONTRAST>>: >>>>>>> pl0024:~# klist >>>>>>> Ticket cache: FILE:/tmp/krb5cc_0 >>>>>>> Default principal: Administrator at HQ.KONTRAST <mailto:Administrator at HQ.KONTRAST> <mailto:Administrator at HQ.KONTRAST <mailto:Administrator at HQ.KONTRAST>> >>>>>>> >>>>>>> Valid starting Expires Service principal >>>>>>> 23.09.2016 07:21:04 23.09.2016 17:21:04 >>>>>>> krbtgt/HQ.KONTRAST at HQ.KONTRAST <mailto:krbtgt/HQ.KONTRAST at HQ.KONTRAST> <mailto:krbtgt/HQ.KONTRAST at HQ.KONTRAST <mailto:krbtgt/HQ.KONTRAST at HQ.KONTRAST>> renew until 24.09.2016 07:20:56 >>>>>>> >>>>>>> thats the only one kerberos cache file in /tmp right now. >>>>>>> >>>>>>> looks like kerberos does not renew the ticket :(? >>>>>>> OLIVER WERNER >>>>>>> Systemadministrator >>>>>>> >>>>>> >>>>>> failing after 10hrs is very probably kerberos related, you should have >>>>>> a kerberos cache in /tmp for the machine. Does /etc/krb5.keytab exist >>> ? >>>>>> Did you have the kereberos lines in smb.conf when you joined the >>>>>> machine ? >>>>>> >>>>>> Rowland >>>>>> >>>>>> -- >>>>>> To unsubscribe from this list go to the following URL and read the >>>>>> instructions: https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>> >>> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>>> >>> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>> >>> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>>>> >>> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>> >>> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>>><https://lists.samba.org/ma <https://lists.samba.org/ma> <https://lists.samba.org/ma <https://lists.samba.org/ma>> >>> ilman/options/samba <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba><https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>>>>> >>>>> -- >>>>> To unsubscribe from this list go to the following URL and read the >>>>> instructions: https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>> >>> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>>> >>> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>> >>> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>>>> >>>> -- >>>> To unsubscribe from this list go to the following URL and read the >>>> instructions: https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>> >>> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>>> >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>> >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>> > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>
L.P.H. van Belle
2016-Sep-30 07:17 UTC
[Samba] Samba Member NT_STATUS_NETWORK_SESSION_EXPIRED
Hai Oliver, Yes, thats ook pretty standard. On this questiosn.>thats the only one kerberos cache file in /tmp right now. >looks like kerberos does not renew the ticket :(?Do you have something like : ( look in /var/tmp ) These are the tickes generated by the server. -rw------- 1 root root 488 Sep 27 10:05 host_0 -rw------- 1 proxy proxy 9646 Sep 30 09:05 HTTP_13 obvious my proxy server ;-) Can you check? You can have a peak in thes files. ( on debian jessie this is ) You can try recreating you keytab file and set “may delicate kerberos” on the computer account first. And see what happens. I’ll have a good look at you logs bit later, people here need help.. Greetz, Llouis Van: Oliver Werner [mailto:oliver.werner at kontrast.de] Verzonden: vrijdag 30 september 2016 9:03 Aan: Oliver Werner CC: L.P.H. van Belle; samba at lists.samba.org Onderwerp: Re: [Samba] Samba Member NT_STATUS_NETWORK_SESSION_EXPIRED hi, now i have changes the realm from hq.kontrast to HQ.KONTRAST Restart samba and winbind on all DCs and Members But thats same issue. Lost connection to DCs and need to Restart winbind on my Member. my DCs have also the krb.conf like this. is it correct? [libdefaults] default_realm = HQ.KONTRAST dns_lookup_realm = false dns_lookup_kdc = true OLIVER WERNER Systemadministrator Am 28.09.2016 um 16:08 schrieb Oliver Werner via samba <samba at lists.samba.org>: Hi Louis, Thanks for your feedback. My krb.conf looks like: [libdefaults] default_realm = HQ.KONTRAST dns_lookup_realm = false dns_lookup_kdc = true So i change now in smb.conf in UPPER Case and will check this. Thx OLIVER WERNER Systemadministrator Am 28.09.2016 um 16:05 schrieb L.P.H. van Belle via samba <samba at lists.samba.org>: Hi Oliver , If you config is still the samba as i found in the list. On the member server, in smb.conf Change : realm = hq.kontrast To : realm = HQ.KONTRAST And whats in the krb5.conf of the member server? Greetz, Louis -----Oorspronkelijk bericht----- Van: samba [mailto:samba-bounces at lists.samba.org <mailto:samba-bounces at lists.samba.org>] Namens Oliver Werner via samba Verzonden: woensdag 28 september 2016 15:54 Aan: Oliver Werner CC: samba at lists.samba.org <mailto:samba at lists.samba.org> Onderwerp: Re: [Samba] Samba Member NT_STATUS_NETWORK_SESSION_EXPIRED Any Ideas what i can test for fix the problem with kerberos…? Am 27.09.2016 um 09:05 schrieb Oliver Werner via samba <samba at lists.samba.org>: Hi Rowland, i have tested unjion and join again the member. But that looks not better :/. Any ideas? Best wishes OLIVER WERNER Systemadministrator Am 23.09.2016 um 14:38 schrieb Oliver Werner via samba <samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org<mailto:samba at lists.samba.org>>>: Yes the file /etc/krb5.keytab is exists. You mean this lines? dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab winbind refresh tickets = yes there was edits when i join the system. OLIVER WERNER Systemadministrator Am 23.09.2016 um 08:55 schrieb Rowland Penny via samba <samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org<mailto:samba at lists.samba.org>> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org<mailto:samba at lists.samba.org>>>>: On Fri, 23 Sep 2016 07:25:40 +0200 Oliver Werner <oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de> <mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de>> <mailto:oliver.werner at kontrast.de<mailto:oliver.werner at kontrast.de> <mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de>>> <mailto:oliver.werner at kontrast.de<mailto:oliver.werner at kontrast.de> <mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de>> <mailto:oliver.werner at kontrast.de<mailto:oliver.werner at kontrast.de> <mailto:oliver.werner at kontrast.de <mailto:oliver.werner at kontrast.de>>>>> wrote: hi, now after 10 hours my samba has the next crash and need to restart winbind. Here are the list/kinit: # before kinit pl0024:~# klist klist: Credentials cache file '/tmp/krb5cc_0' not found pl0024:~# kinit Administrator Password for Administrator at HQ.KONTRAST <mailto:Administrator at HQ.KONTRAST>: pl0024:~# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: Administrator at HQ.KONTRAST <mailto:Administrator at HQ.KONTRAST> Valid starting Expires Service principal 23.09.2016 07:21:04 23.09.2016 17:21:04 krbtgt/HQ.KONTRAST at HQ.KONTRAST <mailto:krbtgt/HQ.KONTRAST at HQ.KONTRAST> renew until 24.09.2016 07:20:56 thats the only one kerberos cache file in /tmp right now. looks like kerberos does not renew the ticket :(? OLIVER WERNER Systemadministrator failing after 10hrs is very probably kerberos related, you should have a kerberos cache in /tmp for the machine. Does /etc/krb5.keytab exist ? Did you have the kereberos lines in smb.conf when you joined the machine ? Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>>> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>><https://lists.samba.org/ma <https://lists.samba.org/ma> ilman/options/samba <https://lists.samba.org/mailman/options/samba<https://lists.samba.org/mailman/options/samba>>>> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>>> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> <https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba