thr3ads.net - samba - [Samba] Login to AD Member Fail [Jun 2018]

If this information is useful, please help other people find it:
Share via:

basti

2018-Jun-27 13:27 UTC

[Samba] Login to AD Member Fail

On 27.06.2018 15:17, Rowland Penny via samba wrote:
> What is in /etc/krb5.conf ?
> 
> Rowland
> I think there is a Problem with krb5.conf

Fileserver1

root at srv-031:~# cat /etc/krb5.conf
[libdefaults]
    default_realm = DOM.EXAMPLE.COM
    dns_lookup_realm = false
    dns_lookup_kdc = true
root at srv-031:~#


Fileserver with login Error


root at srv-007:/var/log/samba# cat /etc/krb5.conf
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
    default_realm = DOM.EXAMPLE.COM
    dns_lookup_realm = false
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    forwardable = yes

[realms]
 DOM.EXAMPLE.COM = {
  kdc = dc1.dom.example.com:88
  admin_server = dc1.dom.example.com:749
  default_domain = example.com
 }

[domain_realm]
 .EXAMPLE.COM = EXAMPLE.COM
 EXAMPLE.COM = EXAMPLE.COM
root at srv-007:/var/log/samba#

Rowland Penny

2018-Jun-27 13:43 UTC

head link

[Samba] Login to AD Member Fail

On Wed, 27 Jun 2018 15:27:43 +0200
basti via samba <samba at lists.samba.org> wrote:
> On 27.06.2018 15:17, Rowland Penny via samba wrote:
> 
> > What is in /etc/krb5.conf ?
> > 
> > Rowland
> > 
> I think there is a Problem with krb5.conf
> 
> Fileserver1
> 
> root at srv-031:~# cat /etc/krb5.conf
> [libdefaults]
>     default_realm = DOM.EXAMPLE.COM
>     dns_lookup_realm = false
>     dns_lookup_kdc = true
That is the default Samba krb5.conf
> 
> 
> Fileserver with login Error
> 
> 
> root at srv-007:/var/log/samba# cat /etc/krb5.conf
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
> 
> [libdefaults]
>     default_realm = DOM.EXAMPLE.COM
>     dns_lookup_realm = false
>     dns_lookup_kdc = true
>     ticket_lifetime = 24h
>     forwardable = yes
> 
> [realms]
>  DOM.EXAMPLE.COM = {
>   kdc = dc1.dom.example.com:88
>   admin_server = dc1.dom.example.com:749
>   default_domain = example.com
>  }
> 
> [domain_realm]
>  .EXAMPLE.COM = EXAMPLE.COM
>  EXAMPLE.COM = EXAMPLE.COM
And that is the default OS krb5.conf.
It should work though, it contains the same info as the Samba one.
You could try changing it to match the working fileserver.
I would also compare the dns files (/etc/hosts, /etc/resolv.conf and
the global portion of smb.conf) to see if there is any differences.

Rowland

basti

2018-Jun-27 13:51 UTC

head link

[Samba] Login to AD Member Fail

On 27.06.2018 15:43, Rowland Penny via samba wrote:> And that is the default OS krb5.conf.
> It should work though, it contains the same info as the Samba one.
> You could try changing it to match the working fileserver.
> I would also compare the dns files (/etc/hosts, /etc/resolv.conf and
> the global portion of smb.conf) to see if there is any differences.
> 
> Rowland
Thanks for your hints.
I have set the krb5.conf to the same values as the fileserver.
and remove

    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
from smb.conf.

and restart samba. for now it works. Lets look how long :-)

Best Regards,

Maybe Matching Threads

Search for more seemingly similar threads

samba - Jun 2018 - Login to AD Member Fail

[Samba] Login to AD Member Fail

[Samba] Login to AD Member Fail

[Samba] Login to AD Member Fail

Maybe Matching Threads