Am 02.07.2018 um 12:23 schrieb Stefan G. Weichinger via samba:> Am 2018-07-02 um 12:14 schrieb Rowland Penny via samba: > >>> I remove only the 1st line or both? >>> >>> dedicated keytab file = /etc/krb5.keytab >>> kerberos method = secrets and keytab >> >> Both > > done > >>> Restart services? Reload/SIGHUP only? >> >> Try a reload first. > > done > > ... waiting for the clients to test now. > > So far I see no more ugly "gss ... 277" messages in log.smbd since the > change. Ah, and while I type that ... they return.Now for the records: in the last 3 days these messages really have disappeared until now. Maybe something has timed out in a way, a kerberos ticket or some kind of DNS-related info ... I don't know. As far I know now that samba-server is reachable via both its primary hostname and that one netbios alias (they use both in their hundreds of Hyperlinks they have in their word-docs ... oh my).
Am 06.07.2018 um 09:33 schrieb Stefan G. Weichinger via samba:> Am 02.07.2018 um 12:23 schrieb Stefan G. Weichinger via samba: >> Am 2018-07-02 um 12:14 schrieb Rowland Penny via samba: >> >>>> I remove only the 1st line or both? >>>> >>>> dedicated keytab file = /etc/krb5.keytab >>>> kerberos method = secrets and keytab >>> >>> Both >> >> done >> >>>> Restart services? Reload/SIGHUP only? >>> >>> Try a reload first. >> >> done >> >> ... waiting for the clients to test now. >> >> So far I see no more ugly "gss ... 277" messages in log.smbd since the >> change. Ah, and while I type that ... they return. > > Now for the records: in the last 3 days these messages really have > disappeared until now. Maybe something has timed out in a way, a > kerberos ticket or some kind of DNS-related info ... I don't know. > > As far I know now that samba-server is reachable via both its primary > hostname and that one netbios alias (they use both in their hundreds of > Hyperlinks they have in their word-docs ... oh my).Additional info after diffing the 3.6 smb.conf and the current one: seems as if the order has been turned around, back then they had: netbios name = U1NORAS netbios aliases = samba now we have netbios aliases = u1customer netbios name = SAMBA I took the optimized smb.conf suggested by Rowland back then, I'd have to check but it seems he turned these 2 around No offense intended here, just an observation! On 30.5. Rowland suggested: Try this smb.conf: [global] unix charset = iso8859-15 security = ads realm = CUSTOMER.INTRA workgroup = CUSTOMER netbios aliases = samba server string = U1CUSTOMER (no more "netbios name" in here ...) Hm, it seems I messed that up. My explanation is that somehow it worked for the first 2 weeks or so, then something timed out (could that be that the DNS-info for the alias is kept alive for such a long time?) greets, Stefan (still learning)
On Fri, 6 Jul 2018 09:48:38 +0200 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:> Am 06.07.2018 um 09:33 schrieb Stefan G. Weichinger via samba: > > Am 02.07.2018 um 12:23 schrieb Stefan G. Weichinger via samba: > >> Am 2018-07-02 um 12:14 schrieb Rowland Penny via samba: > >> > >>>> I remove only the 1st line or both? > >>>> > >>>> dedicated keytab file = /etc/krb5.keytab > >>>> kerberos method = secrets and keytab > >>> > >>> Both > >> > >> done > >> > >>>> Restart services? Reload/SIGHUP only? > >>> > >>> Try a reload first. > >> > >> done > >> > >> ... waiting for the clients to test now. > >> > >> So far I see no more ugly "gss ... 277" messages in log.smbd since > >> the change. Ah, and while I type that ... they return. > > > > Now for the records: in the last 3 days these messages really have > > disappeared until now. Maybe something has timed out in a way, a > > kerberos ticket or some kind of DNS-related info ... I don't know. > > > > As far I know now that samba-server is reachable via both its > > primary hostname and that one netbios alias (they use both in their > > hundreds of Hyperlinks they have in their word-docs ... oh my). > > Additional info after diffing the 3.6 smb.conf and the current one: > > seems as if the order has been turned around, back then they had: > > netbios name = U1NORAS > netbios aliases = samba > > now we have > > netbios aliases = u1customer > netbios name = SAMBA > > I took the optimized smb.conf suggested by Rowland back then, I'd > have to check but it seems he turned these 2 around > > No offense intended here, just an observation! > > On 30.5. Rowland suggested: > > Try this smb.conf: > > [global] > unix charset = iso8859-15 > > security = ads > realm = CUSTOMER.INTRA > workgroup = CUSTOMER > netbios aliases = samba > server string = U1CUSTOMER > > (no more "netbios name" in here ...) > > Hm, it seems I messed that up. > > My explanation is that somehow it worked for the first 2 weeks or so, > then something timed out (could that be that the DNS-info for the > alias is kept alive for such a long time?) > > greets, Stefan (still learning) >If you have multiple Unix domain members and want the same IDs on all of them, then you need to use the same '[global]' section on them all. The only possible 'flies in the ointment' are the netbios name and alias' you do not need to set the netbios name (unless it is a CTDB cluster), Samba will do it for you, you will just need to set any aliases. Rowland