[Samba] Samba 4.1.7 CTDB winbind not syncing when connected to MS AD 2008R2 - WAS: Re: Samba 4.1.7 clustering not using private dir

Taylor, Jonn jonnt at taylortelephone.com
Tue May 6 13:19:36 MDT 2014 

On 05/06/2014 04:36 AM, steve wrote:
> On Mon, 2014-05-05 at 21:13 -0500, Taylor, Jonn wrote:
>> On 05/05/2014 04:58 PM, steve wrote:
>>> On Mon, 2014-05-05 at 11:52 -0500, Taylor, Jonn wrote:
>>>> On 05/05/2014 09:20 AM, steve wrote:
>>>>> On Mon, 2014-05-05 at 08:48 -0500, Taylor, Jonn wrote:
>>>>>
>>>>>> ../lib/krb5_wrap/krb5_samba.c:499(ads_krb5_mk_req)**
>>>>>> **  ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or
>>>>>> directory)*
>>>>>> [2014/05/05 08:36:53.741217,  0]
>>>>>> ../source3/libads/kerberos_util.c:74(ads_kinit_password)
>>>>>>       kerberos_kinit_password SHR01$@TAYLORTELEPHONE.COM failed:
>>>>>> Preauthentication failed
>>>>>> [2014/05/05 08:36:53.741333,  1]
>>>>>> ../source3/winbindd/winbindd_ads.c:122(ads_cached_connection_connect)
>>>>>>       ads_connect for domain TAYLORTELEPHONE failed: Preauthentication failed
>>>>>> [2014/05/05 08:36:53.741427,  1]
>>>>>> ../source3/winbindd/idmap_ad.c:199(idmap_ad_unixids_to_sids)
>>>>>>       ADS uninitialized: Preauthentication failed
>>>>>> [2014/05/05 08:36:53.741538,  4]
>>>>>> ../source3/winbindd/winbindd_dual.c:1346(child_handler)
>>>>>>       Finished processing child request 59
>>>>>>
>>>>>> So what file or directory could not be found?
>>>>>>
>>>>>> Jonn
>>>>>>
>>>>> Do you have the SHR01$ machine key in the keytab? Is the keytab
>>>>> at /etc/krb5.keytab?
>>>>>
>>>> Followed wiki..... kinit Administrator and then net ads join
>>>> -UAdministrator . After a day I get that message.
>>>>
>>> Hi
>>> klist -k
>>> anything?
>>>
>>>
>> There would be no file. This is samba 4.1.7. It creates it's own
>> krb5.conf file at /var/cache/samba/smb_krb5/krb5.conf.TAYLORTELEPHONE
>> and loks like this.
>>
>> [libdefaults]
>>       default_realm = TAYLORTELEPHONE.COM
>>       default_tgs_enctypes = aes256-cts-hmac-sha1-96
>> aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5
>>       default_tkt_enctypes = aes256-cts-hmac-sha1-96
>> aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5
>>       preferred_enctypes = aes256-cts-hmac-sha1-96
>> aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5
>>
>> [realms]
>>       TAYLORTELEPHONE.COM = {
>>           kdc = 192.168.173.14
>>       kdc = 192.168.173.13
>>       }
>>
>> Then it writes the keytab somewhere but that I can not find.
> Do you have a:
> kerberos method =
> in smb.conf?
>
>
No

More information about the samba mailing list