[Samba] Upgrade from 4.11.6 to 4.12.2 created authentication issues
James Atwell
james.atwell365 at gmail.com
Sun May 17 20:54:44 UTC 2020
On 5/17/2020 1:43 PM, Rowland penny via samba wrote:
> On 17/05/2020 16:54, James Atwell wrote:
>>
>> Strange results on a domain member
>>
>> jatwell at osticket:~$ net ads user info administrator -U administrator
>> Enter administrator's password:
>> create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for
>> file /var/run/samba/smb_tmp_krb5.Bgy6b4. Errno Permission denied
>>
> That works for me, but on Devuan (Debian Buster sans systemd), why is
> it trying to create a temporary krb5.conf ?
>>
>> If run as root I get this.
>>
>> root at osticket:~# net ads user info administrator -U administrator
>> Enter administrator's password:
>> gss_init_sec_context failed with [ Miscellaneous failure (see text):
>> encryption type 3 not supported]
>> kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: An
>> internal error occurred.
>> gss_init_sec_context failed with [ Miscellaneous failure (see text):
>> encryption type 3 not supported]
>> gss_init_sec_context failed with [ Miscellaneous failure (see text):
>> encryption type 3 not supported]
>> kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: An
>> internal error occurred.
>>
> Okay, just what is in that temp krb5.conf (I am taking that it is
> being used) and why is it using one and not the one in /etc ?
>>
>> Running this command on all my DC's
>>
> Are you wedded to Ubuntu 16.04 ? why not upgrade to 20.04 (or
> something else) ?
>>
>> A google search of the error landed me on the samba list with mention
>> to this error. Reading the thread I see a member mention moving the
>> samba folder and building again. So I did. After the build and
>> install I copied back the following files folders from my original
>> samba folder
>>
>> * etc
>> * private
>> * sysvol
>>
> I would have moved the Samba directory out of the way, demoted the DC,
> installed Samba again and rejoined the DC
>
> Rowland
>
>
>
>
I assume it's trying to create a tmp krb5.conf because the user I'm
logged into the domain member isn't a domain user? The tmp krb5.conf
never gets created even if I run as sudo. etc/krb5.conf does exist though.
I'm not tied to Ubuntu or Ubuntu 16.04 or 18.04.
More information about the samba
mailing list