[Samba] NFSV4 Client setup problem

Rowland Penny rowlandpenny241155 at gmail.com
Tue Dec 1 10:00:39 UTC 2015 

On 01/12/15 08:24, L.P.H. van Belle wrote:
> Few things,
>
> - check your resolv.conf, make sure your Samba AD the first nameservers
> - check if you resolv.conf search, has, search india.local
> - is the time in sync with the DC?
> - on debian, a login as "Administrator" (if mapped to root) wont work. ( or remove the mini
> - in general, dont give Administrator a UID/GID
> - in general, dont use Administrator for ssh logins, but thats a choice, beter is, create a new user, and give that one admin rights.
>
> And have a look in to this script, works good on wheezy.
> https://secure.bazuin.nl/scripts/these_are_experimental_scripts/setup-nfsv4-kerberos.sh
>
> last.
> With above you can login without a password, but no tgt ticket is generated.
> for fix that, add "kinit -f -p" in the bashrc
>
> Greetz,
>
> Louis
>
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens VigneshDhanraj G
>> Verzonden: dinsdag 1 december 2015 8:18
>> Aan: samba-technical at lists.samba.org; samba at lists.samba.org
>> Onderwerp: [Samba] NFSV4 Client setup problem
>>
>> Hi,
>>
>> I tried to bring up nfsv4 client setup, but when i joining AD server from
>> my LINUX machine i always get below error
>>
>> "kinit succeeded but ads_sasl_spnego_krb5_bind failed: Server not found in
>> Kerberos database
>> Failed to join domain: failed to connect to AD: Server not found in
>> Kerberos database"
>>
>> wbinfo -u command gives the user list
>> net ads info gives the details of the AD
>>
>> when i tried to login from AD administrator user i am not able to login
>> using ssh.
>>
>> i am using debian wheezy as client and windows 2003 Server as AD.
>>
>> my samba conf
>> [global]
>>          security = ADS
>>          realm = INDIA.LOCAL
>> # If the system doesn't find the domain controller automatically, you may
>> need the following line
>>          password server = INDIA.LOCAL
>> # note that workgroup is the 'short' domain name
>>          workgroup = INDIA
>> #       winbind separator = +
>>          winbind refresh tickets = yes
>>          winbind enum users = yes
>>          winbind enum groups = yes
>>          template homedir = /home/%D/%U
>>          template shell = /bin/bash
>>          client use spnego = yes
>>          client ntlmv2 auth = yes
>>          encrypt passwords = yes
>>          winbind use default domain = yes
>>          restrict anonymous = 2
>>          kerberos method = secrets and keytab
>>          dedicated keytab file = /etc/krb5.keytab
>>          name resolve order = lmhosts host
>>
>>
>> could anyone help regarding this?
>>
>> Regards,
>> Vigneshdhanraj G
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>
>

Is Avahi running?
If so, this may be part of your problems and you have a couple of 
options, stop using .local (this is the best option) or turn off Avahi.

I would also suggest you go here: 
https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member

Follow this and set up your smb.conf correctly, you don't appear to have 
anywhere to store your users & groups.

Rowland

More information about the samba mailing list