[Samba] Kerberos GSSAPI: Server not found in Kerberos database
Pat Suwalski
pat at suwalski.net
Tue Jan 14 09:18:23 MST 2014
On 14-01-14 10:25 AM, Pat Suwalski wrote:
> However, for the life of me, I cannot make any non-localhost Debian SSSD
> connect to Samba. I always get the wonderfully vague error:
>
> generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may
> provide more information (Server not found in Kerberos database)
Murphy is alive and well over here. Naturally, within 5 minutes of
sending the eMail, I found the solution to the problem. Never mind the
30 hours before that. :)
Reverse DNS.
The Samba server used to be called "apple". The firewall/DNS server had
this DNS record, as well as the new name "ad". This was so that both
could be resolved.
Pinging "ad" from any host, including the Samba server, worked
correctly. Samba's DNS had a proper entry, with no knowledge of "apple".
However, doing a reverse-DNS lookup from my "adtest" host was still
returning "apple".
Samba had not created reverse-DNS entries for any host in its
forward-lookup zone, and they were being passed-through from the firewall.
I am surprised this affects Kerberos, but there you have it.
I'd still love answers to my questions in the original eMail, especially
regarding necessity of joining the domain, adding the host to the SPN,
and so on.
Many thanks,
--Pat
More information about the samba
mailing list