[Samba] Problem Accessing Samba share from Windows workstation via DNS Round Robin

simo idra at samba.org
Sun Jan 22 18:07:14 MST 2012 

On Mon, 2012-01-23 at 09:58 +1000, Peter Tan wrote: 
> Hi Simo,
> 
> Thanks for your email. (It is good to get some reassurances I am on the right track...:)
> 
> "My preferred one is to join the cluster to the domain with the public name (clusterpub) in your case, and share the keytab between the 2 nodes. They are logically a single server and need to share the same credentials."
> 
> This is how I have set it up (as per samba ctdb wiki documentation) using "clusterpub" but it just refuses to let me map "\\clusterpub\share" on my windows client. I can hit the individual node's share using IP: \\10.101.4.16\share & \\10.101.4.17\share and these work fine (which is really working as per your option two).
> 
> As given before, incredibly I am able to successfully connect to \\clusterpub\share using smbclient from one of the linux nodes using my window domain login. I am confident winbind is working ok. 
> 
> It looks like Kerberos is having a problem. When trying to map from windows I get the following error in /var/log/messages (on the node that dns happens to send me to): "krb5_rd_req failed (Key table entry not found)".
> 
> # klist -ke
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
> ---- --------------------------------------------------------------------------
>    2 host/clusterpub.mydomain.au at MYDOMAIN.AU (DES cbc mode with CRC-32)
>    2 host/clusterpub. mydomain.au @ MYDOMAIN.AU (DES cbc mode with RSA-MD5)
>    2 host/clusterpub. mydomain.au @ MYDOMAIN.AU (ArcFour with HMAC/md5)
>    2 host/clusterpub@ MYDOMAIN.AU (DES cbc mode with CRC-32)
>    2 host/clusterpub@ MYDOMAIN.AU (DES cbc mode with RSA-MD5)
>    2 host/clusterpub@ MYDOMAIN.AU (ArcFour with HMAC/md5)
>    2 CLUSTERPUB$@ MYDOMAIN.AU (DES cbc mode with CRC-32)
>    2 CLUSTERPUB$@ MYDOMAIN.AU (DES cbc mode with RSA-MD5)
>    2 CLUSTERPUB$@ MYDOMAIN.AU (ArcFour with HMAC/md5)

I think you are missing keys for cifs/fqdn at REALM

Simo.


-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>

More information about the samba mailing list