[Samba] Problem Accessing Samba share from Windows workstation via DNS Round Robin
simo
idra at samba.org
Sun Jan 22 18:07:14 MST 2012
On Mon, 2012-01-23 at 09:58 +1000, Peter Tan wrote:
> Hi Simo,
>
> Thanks for your email. (It is good to get some reassurances I am on the right track...:)
>
> "My preferred one is to join the cluster to the domain with the public name (clusterpub) in your case, and share the keytab between the 2 nodes. They are logically a single server and need to share the same credentials."
>
> This is how I have set it up (as per samba ctdb wiki documentation) using "clusterpub" but it just refuses to let me map "\\clusterpub\share" on my windows client. I can hit the individual node's share using IP: \\10.101.4.16\share & \\10.101.4.17\share and these work fine (which is really working as per your option two).
>
> As given before, incredibly I am able to successfully connect to \\clusterpub\share using smbclient from one of the linux nodes using my window domain login. I am confident winbind is working ok.
>
> It looks like Kerberos is having a problem. When trying to map from windows I get the following error in /var/log/messages (on the node that dns happens to send me to): "krb5_rd_req failed (Key table entry not found)".
>
> # klist -ke
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
> ---- --------------------------------------------------------------------------
> 2 host/clusterpub.mydomain.au at MYDOMAIN.AU (DES cbc mode with CRC-32)
> 2 host/clusterpub. mydomain.au @ MYDOMAIN.AU (DES cbc mode with RSA-MD5)
> 2 host/clusterpub. mydomain.au @ MYDOMAIN.AU (ArcFour with HMAC/md5)
> 2 host/clusterpub@ MYDOMAIN.AU (DES cbc mode with CRC-32)
> 2 host/clusterpub@ MYDOMAIN.AU (DES cbc mode with RSA-MD5)
> 2 host/clusterpub@ MYDOMAIN.AU (ArcFour with HMAC/md5)
> 2 CLUSTERPUB$@ MYDOMAIN.AU (DES cbc mode with CRC-32)
> 2 CLUSTERPUB$@ MYDOMAIN.AU (DES cbc mode with RSA-MD5)
> 2 CLUSTERPUB$@ MYDOMAIN.AU (ArcFour with HMAC/md5)
I think you are missing keys for cifs/fqdn at REALM
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
More information about the samba
mailing list