[Samba] macOS 10.13.6 error joining to Samba 4.8.3

Phillip Potter phil at philpotter.co.uk
Sat Aug 4 21:53:33 UTC 2018 

On Mon, Jul 30, 2018 at 09:24:46AM +1200, Andrew Bartlett wrote:
> On Sun, 2018-07-29 at 22:14 +0100, Phillip Potter wrote:
> > On Sat, Jul 28, 2018 at 11:40:26AM +1200, Andrew Bartlett wrote:
> > > On Sat, 2018-07-28 at 00:10 +0100, Phillip Potter via samba wrote:
> > > > Dear All,
> > > > 
> > > > I have recently setup a completely new AD domain on my Linux server, running Samba 4.8.3. From the server, I can authenticate via kerberos and get users and groups through winbind etc. When I try to join a freshly installed Mac running macOS 10.13.6, I receive the error:
> > > > "Unable to add server. Authentication server failed to completed the requested operation. (5103)"
> > > > 
> > > > The Mac has a local IP address of 192.168.0.107, and its hostname is set to potterbook.
> > > > 
> > > > On the Mac, no log entries at all occur to indicate what this might be.
> > > > 
> > > > On the Linux machine, the only logs that seem to get written are in /var/log/samba/mit_kdc.log:
> > > 
> > > Did you build Samba with MIT Kerberos support or use package so built? 
> > > If not, then perhaps you have the wrong KDC started, just start Samba
> > > and it will handle the rest.
> > > 
> > > If that isn't it, try re-building the AD DC without MIT Kerberos, we
> > > have some reports of issues in this area, and it would provide a point
> > > of comparison we can investigate.
> > > 
> > > Thanks,
> > > 
> > > Andrew Bartlett
> > > -- 
> > > Andrew Bartlett                       http://samba.org/~abartlet/
> > > Authentication Developer, Samba Team  http://samba.org
> > > Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
> > > 
> > 
> > Dear Andrew,
> > 
> > I built Samba 4.8.3 from scratch on a fresh Fedora 28 VM, without MIT kerberos but keeping all other dependencies at the same version as with the packaged version, and I can confirm the Mac joins to a newly provisioned AD on it with no issues. Would you like me to provide logs for future reference?
> 
> Thanks.  Please file a bug and attach any logs you can.	
> 
> I've also CC'ed Andreas, who is a leading developer on the MIT KDC
> effort.
> 
> Andrew Bartlett
> 
> -- 
> Andrew Bartlett
> https://samba.org/~abartlet/
> Authentication Developer, Samba Team         https://samba.org
> Samba Development and Support, Catalyst IT   
> https://catalyst.net.nz/services/samba
> 
> 
> 
> 
Sorry to be a pain, but I'm unable to report the bug as I've yet to receive a reply from the bugzilla-maintenance at samba.org address containing account details to allow me to file it. I e-mailed using the address I am using now, which I currently host with gmail, but I figured the warning about disposable mail providers would not apply as I am using my own domain? Anyhow, still happy to report this if someone can act on this. Many thanks.

Regards,
Phil Potter

More information about the samba mailing list