Failed to find cifs/madmain at LAND.SUPERORG.COM(kvno 5) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] so far nothing works forever. the above error happens when the pc's are unable to connect to shares net leave/join fixes the problem temporarily. seems to relate to [Samba] Failed to find cifs/foo.bar in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] On Monday, 30 July 2018, 10:07:16 GMT-7, ray klassen via samba <samba at lists.samba.org> wrote: thanks for your response. Obviously lmhosts is not part of the equation anymore. But I copied/pasted from something that worked to something that didn't( I thought of clarifying this in a following email but didn't) If there is no /etc/lmhosts I'm sure nothing will suffer for having that parameter. DNS has been examined and re-examined. All the tests described in the wiki have been performed and results are exactly what is expected. Still trying to shoot this down. It's elusive. I have windows clients who connect to shares and are presented with a username password dialogue. Tentatively, it appears that simply running winbind -tP solves the problem for them. So as a test I have an hourly cron job that runs that on the server. On Saturday, 28 July 2018, 01:29:06 GMT-7, Rowland Penny via samba <samba at lists.samba.org> wrote: On Fri, 27 Jul 2018 21:25:04 +0000 (UTC) ray klassen via samba <samba at lists.samba.org> wrote:> so I had some time to follow this bunny trailand found that even > though all the other servers had no problems this one continued > to.Every so often a new computer couldn't connect and then it would > be all better after a net leave/net join. Net join would not work > without -S <MyDC> in the command lineWhat I found out was that most > net rpc commands such as net rpc testjoin would also fail without -S > <MyDC> in the command linewhereas they would work find for any other > box. I also noticed that a tdbtool dump of secrets.tdb was pretty > nearly empty whereas other servers had lots of info.The difference > was in the smb.conf line "name resolve order" > > earlier I had taken the advice (the more fool me, I guess) of the man > page with recommends > > "name resolve order = wins bcast" in a AD environment. > when I changed it back to > > "name resolve order = lmhosts wins host bcast" >I think you should look at your dns ;-) I doubt whether you have a lmhosts file on the Samba server, so if you remove that, the line becomes 'wins host bcast' and the only difference between that and what you had, is 'host'. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
so I'm going to ramble a bit because I need help desperately and I'm slogging away on my own, but something I say might give someone an idea. This whole thing seem to revolve around kerberos kvno's and machine password changes. couple of days after violently recreating the server people start to not be able to connect. today's debugging turned up a mismatch between the kvno supplied by the keytab and the one apparently required by smbd or winbindd or both. at present i've opted for machine password timeout = 0 in smb.conf and @weekly /usr/bin/net ads changetrustpw ; /usr/bin/net ads keytab create -P in root's crontab hopefully this will make a difference... On Tuesday, 31 July 2018, 10:31:23 GMT-7, ray klassen via samba <samba at lists.samba.org> wrote: Failed to find cifs/madmain at LAND.SUPERORG.COM(kvno 5) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] so far nothing works forever. the above error happens when the pc's are unable to connect to shares net leave/join fixes the problem temporarily. seems to relate to [Samba] Failed to find cifs/foo.bar in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] On Monday, 30 July 2018, 10:07:16 GMT-7, ray klassen via samba <samba at lists.samba.org> wrote: thanks for your response. Obviously lmhosts is not part of the equation anymore. But I copied/pasted from something that worked to something that didn't( I thought of clarifying this in a following email but didn't) If there is no /etc/lmhosts I'm sure nothing will suffer for having that parameter. DNS has been examined and re-examined. All the tests described in the wiki have been performed and results are exactly what is expected. Still trying to shoot this down. It's elusive. I have windows clients who connect to shares and are presented with a username password dialogue. Tentatively, it appears that simply running winbind -tP solves the problem for them. So as a test I have an hourly cron job that runs that on the server. On Saturday, 28 July 2018, 01:29:06 GMT-7, Rowland Penny via samba <samba at lists.samba.org> wrote: On Fri, 27 Jul 2018 21:25:04 +0000 (UTC) ray klassen via samba <samba at lists.samba.org> wrote:> so I had some time to follow this bunny trailand found that even > though all the other servers had no problems this one continued > to.Every so often a new computer couldn't connect and then it would > be all better after a net leave/net join. Net join would not work > without -S <MyDC> in the command lineWhat I found out was that most > net rpc commands such as net rpc testjoin would also fail without -S > <MyDC> in the command linewhereas they would work find for any other > box. I also noticed that a tdbtool dump of secrets.tdb was pretty > nearly empty whereas other servers had lots of info.The difference > was in the smb.conf line "name resolve order" > > earlier I had taken the advice (the more fool me, I guess) of the man > page with recommends > > "name resolve order = wins bcast" in a AD environment. > when I changed it back to > > "name resolve order = lmhosts wins host bcast" >I think you should look at your dns ;-) I doubt whether you have a lmhosts file on the Samba server, so if you remove that, the line becomes 'wins host bcast' and the only difference between that and what you had, is 'host'. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
On Tue, 31 Jul 2018 21:48:29 +0000 (UTC) ray klassen <julius_ahenobarbus at yahoo.co.uk> wrote:> so I'm going to ramble a bit because I need help desperately and I'm > slogging away on my own, but something I say might give someone an > idea. This whole thing seem to revolve around kerberos kvno's and > machine password changes. couple of days after violently recreating > the server people start to not be able to connect. today's debugging > turned up a mismatch between the kvno supplied by the keytab and the > one apparently required by smbd or winbindd or both. at present i've > opted for > > machine password timeout = 0 in smb.conf > and > > @weekly /usr/bin/net ads changetrustpw ; /usr/bin/net ads keytab > create -P in root's crontab > hopefully this will make a difference... > > On Tuesday, 31 July 2018, 10:31:23 GMT-7, ray klassen via samba > <samba at lists.samba.org> wrote: > Failed to find cifs/madmain at LAND.SUPERORG.COM(kvno 5) in keytab > MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] > > so far nothing works forever. > the above error happens when the pc's are unable to connect to shares > net leave/join fixes the problem temporarily. > > > seems to relate to > > [Samba] Failed to find cifs/foo.bar in keytab MEMORY:cifs_srv_keytab > (arcfour-hmac-md5)] > > > > > > > > On Monday, 30 July 2018, 10:07:16 GMT-7, ray klassen via samba > <samba at lists.samba.org> wrote: > > thanks for your response. > Obviously lmhosts is not part of the equation anymore. > But I copied/pasted from something that worked to something that > didn't( I thought of clarifying this in a following email but didn't) > If there is no /etc/lmhosts I'm sure nothing will suffer for having > that parameter. DNS has been examined and re-examined. All the tests > described in the wiki have been performed and results are exactly > what is expected. Still trying to shoot this down. It's elusive. I > have windows clients who connect to shares and are presented with a > username password dialogue. Tentatively, it appears that simply > running winbind -tP solves the problem for them. So as a test I have > an hourly cron job that runs that on the server. > > On Saturday, 28 July 2018, 01:29:06 GMT-7, Rowland Penny via > samba <samba at lists.samba.org> wrote: > On Fri, 27 Jul 2018 21:25:04 +0000 (UTC) > ray klassen via samba <samba at lists.samba.org> wrote: > > > so I had some time to follow this bunny trailand found that even > > though all the other servers had no problems this one continued > > to.Every so often a new computer couldn't connect and then it would > > be all better after a net leave/net join. Net join would not work > > without -S <MyDC> in the command lineWhat I found out was that most > > net rpc commands such as net rpc testjoin would also fail without -S > > <MyDC> in the command linewhereas they would work find for any other > > box. I also noticed that a tdbtool dump of secrets.tdb was pretty > > nearly empty whereas other servers had lots of info.The difference > > was in the smb.conf line "name resolve order" > > > > earlier I had taken the advice (the more fool me, I guess) of the > > man page with recommends > > > > "name resolve order = wins bcast" in a AD environment. > > when I changed it back to > > > > "name resolve order = lmhosts wins host bcast" > > > > I think you should look at your dns ;-) > > I doubt whether you have a lmhosts file on the Samba server, so if you > remove that, the line becomes 'wins host bcast' and the only > difference between that and what you had, is 'host'. > > Rowland > >I have reviewed this thread and we have received very little info to work with. Yes, it is Samba 4.5.12 running on debian stretch, but how is it running ? Can you post the following files: /etc/hostname /etc/hosts /etc/resolv.conf /etc/krb5.conf smb.conf Also what is the DC ? Samba or Windows ? Rowland
Hai, In addition to Rowlands question. Can you run this script and post it to the list also. It gives a complete overview of what your running. Its basicly what Rowland asked, but with a few extra things. https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh And the output of: kinit Administrator klist klist -ket /var/lib/samba/private/secrets.keytab Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland Penny via samba > Verzonden: woensdag 1 augustus 2018 9:10 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Winbind Craziness > > On Tue, 31 Jul 2018 21:48:29 +0000 (UTC) > ray klassen <julius_ahenobarbus at yahoo.co.uk> wrote: > > > so I'm going to ramble a bit because I need help > desperately and I'm > > slogging away on my own, but something I say might give someone an > > idea. This whole thing seem to revolve around kerberos kvno's and > > machine password changes. couple of days after violently recreating > > the server people start to not be able to connect. today's debugging > > turned up a mismatch between the kvno supplied by the keytab and the > > one apparently required by smbd or winbindd or both. at present i've > > opted for > > > > machine password timeout = 0 in smb.conf > > and > > > > @weekly /usr/bin/net ads changetrustpw ; /usr/bin/net ads keytab > > create -P in root's crontab > > hopefully this will make a difference... > > > > On Tuesday, 31 July 2018, 10:31:23 GMT-7, ray klassen via samba > > <samba at lists.samba.org> wrote: > > Failed to find cifs/madmain at LAND.SUPERORG.COM(kvno 5) in keytab > > MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] > > > > so far nothing works forever. > > the above error happens when the pc's are unable to connect > to shares > > net leave/join fixes the problem temporarily. > > > > > > seems to relate to > > > > [Samba] Failed to find cifs/foo.bar in keytab MEMORY:cifs_srv_keytab > > (arcfour-hmac-md5)] > > > > > > > > > > > > > > > > On Monday, 30 July 2018, 10:07:16 GMT-7, ray klassen via samba > > <samba at lists.samba.org> wrote: > > > > thanks for your response. > > Obviously lmhosts is not part of the equation anymore. > > But I copied/pasted from something that worked to something that > > didn't( I thought of clarifying this in a following email > but didn't) > > If there is no /etc/lmhosts I'm sure nothing will suffer for having > > that parameter. DNS has been examined and re-examined. All the tests > > described in the wiki have been performed and results are exactly > > what is expected. Still trying to shoot this down. It's elusive. I > > have windows clients who connect to shares and are presented with a > > username password dialogue. Tentatively, it appears that simply > > running winbind -tP solves the problem for them. So as a test I have > > an hourly cron job that runs that on the server. > > > > On Saturday, 28 July 2018, 01:29:06 GMT-7, Rowland Penny via > > samba <samba at lists.samba.org> wrote: > > On Fri, 27 Jul 2018 21:25:04 +0000 (UTC) > > ray klassen via samba <samba at lists.samba.org> wrote: > > > > > so I had some time to follow this bunny trailand found that even > > > though all the other servers had no problems this one continued > > > to.Every so often a new computer couldn't connect and > then it would > > > be all better after a net leave/net join. Net join would not work > > > without -S <MyDC> in the command lineWhat I found out was > that most > > > net rpc commands such as net rpc testjoin would also fail > without -S > > > <MyDC> in the command linewhereas they would work find > for any other > > > box. I also noticed that a tdbtool dump of secrets.tdb was pretty > > > nearly empty whereas other servers had lots of info.The difference > > > was in the smb.conf line "name resolve order" > > > > > > earlier I had taken the advice (the more fool me, I guess) of the > > > man page with recommends > > > > > > "name resolve order = wins bcast" in a AD environment. > > > when I changed it back to > > > > > > "name resolve order = lmhosts wins host bcast" > > > > > > > I think you should look at your dns ;-) > > > > I doubt whether you have a lmhosts file on the Samba > server, so if you > > remove that, the line becomes 'wins host bcast' and the only > > difference between that and what you had, is 'host'. > > > > Rowland > > > > > > I have reviewed this thread and we have received very little info to > work with. Yes, it is Samba 4.5.12 running on debian stretch, but how > is it running ? > > Can you post the following files: > > /etc/hostname > /etc/hosts > /etc/resolv.conf > /etc/krb5.conf > smb.conf > > Also what is the DC ? Samba or Windows ? > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >