Barry Ralphs
2019-Jun-13 20:02 UTC
[Samba] Moving Samba AD DC from one VM host to another: Preauthentication failed
I'm trying to move my current Samba AD DC VM from EXSi vSphere to XenServer (XCP-NG). I was able to export the VM to .OVA file & import it into XCP-NG fine. I was able to open ADUC & the DNS manager in Windows without an issue. But my web server had a lot of these errors in the log & couldn't mount the SMB shares from the file server: kerberos_kinit_password <HOSTNAME> failed: Preauthentication failed Maybe the web server changed it's password in between the export & import (it was a few days). Does it just need to leave & rejoin the domain? Or is there anything else I need to do on the DC after importing it into the new host? Both the DC & web server are on: Samba version: 4.7.6 CentOS: 7.5.1804 Thanks for any help.
Denis Cardon
2019-Jun-14 13:51 UTC
[Samba] Moving Samba AD DC from one VM host to another: Preauthentication failed
Hi Barry,> I'm trying to move my current Samba AD DC VM from EXSi vSphere to > XenServer (XCP-NG). > I was able to export the VM to .OVA file & import it into XCP-NG fine. > I was able to open ADUC & the DNS manager in Windows without an issue. > But my web server had a lot of these errors in the log & couldn't mount > the SMB shares from the file server: > kerberos_kinit_password <HOSTNAME> failed: Preauthentication failed > > Maybe the web server changed it's password in between the export & > import (it was a few days). > Does it just need to leave & rejoin the domain? > Or is there anything else I need to do on the DC after importing it into > the new host?Like Windows desktop, Winbind changes its shared secret on a regular basis (I think it is two weeks for winbind, 4 weeks for Windows desktops). So if you had your DC running during the transfert, the secret might well have changed. If you have to do that again later, when switching server, you should stop samba service, the copy over the uptodate /var/lib/samba from the old VMWare VM to the new Xenserver VM in order not to lose any updated entries. For your web server, rejoining should to the trick. > Both the DC & web server are on: > Samba version: 4.7.6 > CentOS: 7.5.1804 I encourage you to update on latest 4.9 at least. Samba 4.7 is not supported anymore, and actually there has been big improvement in performance and stability, notably bind-dlz which is working much better. Cheers, Denis>> > > Thanks for any help. >-- Denis Cardon Tranquil IT 12 avenue Jules Verne (Bat. A) 44230 Saint S?bastien sur Loire (FRANCE) tel : +33 (0) 240 975 755 http://www.tranquil.it Tranquil IT recrute! https://www.tranquil.it/nous-rejoindre/ Samba install wiki for Frenchies : https://dev.tranquil.it WAPT, software deployment made easy : https://wapt.fr