[Samba] Kerberos: Principal may not act as server ERROR
Aggarwal, Ajay
Ajay.Aggarwal at stratus.com
Mon Aug 2 07:58:43 MDT 2010
Just bumping up to see if anyone else has seen this issue. Also noticed
following errors in samba log. Wonder if these are related?
Failed to modify SPNs on
CN=NODE1-LIME,CN=Computers,DC=sambalime,DC=stratus,DC=com: error in
module acl: insufficient access rights (50)
ldb_wrap open of sam.ldb
Failed to modify SPNs on
CN=NODE1-LIME,CN=Computers,DC=sambalime,DC=stratus,DC=com: error in
module acl: insufficient access rights (50)
added interface ip=10.90.0.71 nmask=255.255.255.0
ldb_wrap open of sam.ldb
Failed to modify SPNs on
CN=NODE1-LIME,CN=Computers,DC=sambalime,DC=stratus,DC=com: error in
module acl: insufficient access rights (50)
ldb_wrap open of sam.ldb
Failed to modify SPNs on
CN=NODE1-LIME,CN=Computers,DC=sambalime,DC=stratus,DC=com: error in
module acl: insufficient access rights (50)
added interface ip=10.90.0.71 nmask=255.255.255.0
ldb_wrap open of sam.ldb
Failed to modify SPNs on
CN=NODE1-LIME,CN=Computers,DC=sambalime,DC=stratus,DC=com: error in
module acl: insufficient access rights (50)
ipv4:10.90.0.88:49232 closed connection to service IPC$
-Ajay
-----Original Message-----
From: samba-bounces at lists.samba.org
[mailto:samba-bounces at lists.samba.org] On Behalf Of Aggarwal, Ajay
Sent: Thursday, July 29, 2010 12:55 PM
To: samba at lists.samba.org
Subject: [Samba] Kerberos: Principal may not act as server ERROR
Our environment: samba4 (alpha12) running on centos 5.4.
We are experimenting with Hyper-V 2008 R2 Failover Clustering, which
requires Active Directory. We are trying to see if samba-4 will work as
the AD server. We are trying to create 2 node failover cluster. Both
nodes have joined the domain successfully (with samba-4 as the DC). But
subsequent steps of creating the "Failover Cluster" are failing and we
see following error in samba log
Kerberos: TGS-REQ administrator at SAMBALIME.STRATUS.COM from
ipv4:10.90.0.87:49614 for Administrator at SAMBALIME.STRATUS.COM
[canonicalize, renewable, forwardable]
Kerberos: Principal may not act as server --
Administrator at SAMBALIME.STRATUS.COM
Kerberos: Failed building TGS-REP to ipv4:10.90.0.87:49614
Terminating connection - 'kdc_tcp_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED]
Is something wrong with our configuration (smb.conf)?
-Ajay
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list