[Samba] Samba 4.1.7 CTDB winbind not syncing when connected to MS AD 2008R2 - WAS: Re: Samba 4.1.7 clustering not using private dir

steve steve at steve-ss.com
Tue May 6 03:36:50 MDT 2014 

On Mon, 2014-05-05 at 21:13 -0500, Taylor, Jonn wrote:
> On 05/05/2014 04:58 PM, steve wrote:
> > On Mon, 2014-05-05 at 11:52 -0500, Taylor, Jonn wrote:
> >> On 05/05/2014 09:20 AM, steve wrote:
> >>> On Mon, 2014-05-05 at 08:48 -0500, Taylor, Jonn wrote:
> >>>
> >>>> ../lib/krb5_wrap/krb5_samba.c:499(ads_krb5_mk_req)**
> >>>> **  ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or
> >>>> directory)*
> >>>> [2014/05/05 08:36:53.741217,  0]
> >>>> ../source3/libads/kerberos_util.c:74(ads_kinit_password)
> >>>>      kerberos_kinit_password SHR01$@TAYLORTELEPHONE.COM failed:
> >>>> Preauthentication failed
> >>>> [2014/05/05 08:36:53.741333,  1]
> >>>> ../source3/winbindd/winbindd_ads.c:122(ads_cached_connection_connect)
> >>>>      ads_connect for domain TAYLORTELEPHONE failed: Preauthentication failed
> >>>> [2014/05/05 08:36:53.741427,  1]
> >>>> ../source3/winbindd/idmap_ad.c:199(idmap_ad_unixids_to_sids)
> >>>>      ADS uninitialized: Preauthentication failed
> >>>> [2014/05/05 08:36:53.741538,  4]
> >>>> ../source3/winbindd/winbindd_dual.c:1346(child_handler)
> >>>>      Finished processing child request 59
> >>>>
> >>>> So what file or directory could not be found?
> >>>>
> >>>> Jonn
> >>>>
> >>> Do you have the SHR01$ machine key in the keytab? Is the keytab
> >>> at /etc/krb5.keytab?
> >>>
> >> Followed wiki..... kinit Administrator and then net ads join
> >> -UAdministrator . After a day I get that message.
> >>
> > Hi
> > klist -k
> > anything?
> >
> >
> There would be no file. This is samba 4.1.7. It creates it's own 
> krb5.conf file at /var/cache/samba/smb_krb5/krb5.conf.TAYLORTELEPHONE 
> and loks like this.
> 
> [libdefaults]
>      default_realm = TAYLORTELEPHONE.COM
>      default_tgs_enctypes = aes256-cts-hmac-sha1-96 
> aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5
>      default_tkt_enctypes = aes256-cts-hmac-sha1-96 
> aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5
>      preferred_enctypes = aes256-cts-hmac-sha1-96 
> aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5
> 
> [realms]
>      TAYLORTELEPHONE.COM = {
>          kdc = 192.168.173.14
>      kdc = 192.168.173.13
>      }
> 
> Then it writes the keytab somewhere but that I can not find.

Do you have a:
kerberos method =
in smb.conf?

More information about the samba mailing list