[Samba] Upgrade from 4.11.6 to 4.12.2 created authentication issues
James Atwell
james.atwell365 at gmail.com
Mon May 18 00:59:43 UTC 2020
On 5/17/2020 5:17 PM, Rowland penny via samba wrote:
> On 17/05/2020 21:54, James Atwell wrote:
>> I assume it's trying to create a tmp krb5.conf because the user I'm
>> logged into the domain member isn't a domain user? The tmp krb5.conf
>> never gets created even if I run as sudo. etc/krb5.conf does exist
>> though.
>
> You are logging into a domain joined machine as a local user and then
> wonder why you are having problems?
>
> Unless the user is root, there is a line like this in the smb.conf
> 'username map = /etc/samba/user.map' and the 'user.map' contains
> '!root = DOMAIN\Administrator', where 'DOMAIN' is your netbios domain.
>
>>
>> I'm not tied to Ubuntu or Ubuntu 16.04 or 18.04.
>
> It should work on 16.04, try sorting the above problem out first.
>
> Rowland
>
>
>
I got the issue with the ReadyNAS resolved. I decided to stop messing
with the broken DC and just remove it. I transferred all the FSMO and
demoted the DC. This immediately allowed the ReadyNAS to join and
import users and groups. Oddly enough the errors I mentioned earlier
that I initially had when I ran samba-tool drs showrepl came back.
Probably because the kinit ticket I generated had expired. For
reference I'm posting below.

root@pfdc1:~# samba-tool drs showrepl
Wrong username or password: kinit for PFDC1$@SAMBA.LOCAL failed (Client
not found in Kerberos database)
Wrong username or password: kinit for PFDC1$@SAMBA.LOCAL failed (Client
not found in Kerberos database)
Default-First-Site-Name\PFDC1
DSA Options: 0x00000001
DSA object GUID: acc2392f-9567-450f-bcb3-4fb1034b8753
DSA invocationId: d3644219-dbcd-43ff-815e-8850f94192e1

root@pfdc1:~# samba-tool drs showrepl
GSS client Update(krb5)(1) Update failed: Miscellaneous failure (see
text): encryption type 3 not supported
GSS client Update(krb5)(1) Update failed: Miscellaneous failure (see
text): encryption type 3 not supported

I'll mention the other DC I upgraded to 4.12.2 is still in the forest
and not having any troubles. Rowland, I appreciate you taking your time to
review.

-James