[Samba] delete kerberos databases and start over

Ricky Nance ricky.nance at gmail.com
Tue Sep 24 15:30:14 MDT 2013


Everything you mention shows that you are using samba as an AD DC. With
that being said, you should NOT be running your own KDC server; samba
provides this already. With samba stopped, double check that port 88 is not
being used: ' netstat -anp | grep 88 | grep "LISTEN " '. If there is
something using that port, then kill it and try to restart samba and see if
things start working better then. If not, start samba, then post the last
~25 lines of /usr/local/samba/var/log.samba and log.smbd if you don't mind.

Ricky


On Tue, Sep 24, 2013 at 12:10 PM, jimc <jesmeyano at gmail.com> wrote:

> Hi.
>
> Something happened with my Kerberos database*. I don't know what. I don't
> care much (right now).
>
> What I need to do now is to recover.
>
> I am running a small home network: 3 win7 boxes, 2 xps, 2 Mint Linux and
> one Puppy.
>
> I tried deleting /usr/local/samba/private/* and
> /usr/local/samba/etc/smb.conf as the how-to suggests, then doing a
> samba-tool domain provision.
>
> All my Windoze boxes event logs say they can't establish a secure
> connection to authenticate.
>
> SSH works; I can get in via putty or via ssh on a Linux box.
>
> I have added the users using samba-tool user add jjkwkla.
>
> Kinit works. When I kinit jjkwkla, it asks for a password, then complains
> that it will expire.
>
> When I try kadmin, it says
> 'Authenticating as principal jjkwkla/admin@domain.suffix with password
> kadmin: Client not found in Kerberos database while initializing kadmin
> interface'
>
> smbclient works.
>
> samba-tool testparm complains about long share names, but nothing else.
>
> krb5.conf is:
> [libdefaults]
>     default_realm = DOMAIN.SUFFIX
>     dns_lookup_realm = false
>     dns_lookup_kdc = true
>
> [realms]
>     DOMAIN.SUFFIX = {
>         kdc = thisbox.domain.suffix:88
>         admin_server = thisbox.domain.suffix:749
>         default_domain = domain.suffix
>     }
>
> kdc.conf is:
>
> [kdcdefaults]
>     kdc_ports 750,88
>
> [realms]
>     domain.suffix = {
>         database_name = /usr/local/samba/private/**principal
>         admin_keytab = FILE:/usr/local/samba/private/**.keytab
>         acl_file = /etc/krb5kdc/kadm5.acl
>         keys_stash_file = /etc/krb5kdc/stash
>         kdc_ports = 750,88
>         max_life = 9107d 5h 0m 0s
>         max_renewable_life = 9300d 0h 0m 0s
>         master_key_type = des3-hmac-sha1
>         supported_enctypes = aes256-cts:normal arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
>     }
>
> I would appreciate any help you could give. As I said, I'm not interested
> in knowing why. This box is my print server and I need it!
>
> -thanks!
>
> -jimc
>
> *At least I think it's my Kerberos database...
>
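
A stricter form of the port 88 check suggested in the reply, as an added example that is not part of the original thread. It parses `netstat -anp` output and compares the local port field exactly, so a listener on 8888 is not reported and UDP sockets (which show no LISTEN state) are included. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report sockets bound to Kerberos port 88.
# Usage on a live host, as root so owners are visible:
#   netstat -anp | kdc_port_sockets

# Reads `netstat -anp` text on stdin and prints "proto local-address owner"
# for each TCP listener or UDP socket whose local port is exactly 88.
kdc_port_sockets() {
    awk '
        $1 ~ /^(tcp|udp)/ {
            n = split($4, a, ":")               # port is the last ":" field (IPv4 and IPv6)
            if (a[n] != "88") next
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next
            # UDP rows usually have an empty State column, shifting the owner left
            first = ($6 ~ /^[A-Z_0-9]+$/) ? 7 : 6
            owner = $first
            for (i = first + 1; i <= NF; i++) owner = owner " " $i
            print $1, $4, owner
        }'
}

# Same input, but keeps only sockets whose owner is not a samba process.
# With samba running, any output here is a second KDC competing for the port.
# An owner of "-" (netstat run without root) is reported as unknown/foreign.
foreign_kdc_sockets() {
    kdc_port_sockets | awk '{ split($3, p, "/"); if (p[2] !~ /^samba/) print }'
}

# Constructed sample output (hypothetical host running a standalone krb5kdc).
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:88              0.0.0.0:*               LISTEN      1412/krb5kdc
tcp        0      0 0.0.0.0:8888            0.0.0.0:*               LISTEN      2210/python
tcp        0      0 192.168.1.10:22         192.168.1.88:51544      ESTABLISHED 3051/sshd
tcp6       0      0 :::88                   :::*                    LISTEN      1412/krb5kdc
udp        0      0 0.0.0.0:88              0.0.0.0:*                           1412/krb5kdc
udp        0      0 0.0.0.0:750             0.0.0.0:*                           1412/krb5kdc'

printf '%s\n' "$SAMPLE" | kdc_port_sockets
```

With samba stopped, as the reply instructs, any line printed by `kdc_port_sockets` is a conflict; `foreign_kdc_sockets` is for re-checking once samba is running again.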

