[Samba] Cannot authenticate the administrator account
Andrey Repin
anrdaemon at yandex.ru
Wed Apr 29 13:16:32 MDT 2015
Greetings, Mike!
> So close . . .
> Reprovision completed.
> Server Role: active directory domain controller
> Hostname: internal
> NetBIOS Domain: INTERNAL
> DNS Domain: internal.example.com
You're AGAIN confusing hostname and domain (realm) name!
> DOMAIN SID: S-1-5-21-123456789-123456789-123456789
> ----------------------------------------------
> ]# hostname -f
> internal.example.com
Given your Samba configuration, this should reply
internal.internal.example.com
> ]# hostname -s
> internal
> ]# hostname -d
> example.com
And this should reply
internal.example.com
> ---------------------------------------------
> DNS test all work correctly.
No, they aren't.
> ---------------------------------------------
> ]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: administrator at EXAMPLE.COM
> Valid starting Expires Service principal
> 04/29/2015 10:20:18 04/29/2015 20:20:18 krbtgt/EXAMPLE.COM at EXAMPLE.COM
> renew until 04/30/2015 10:19:53
> BUT ---
> ]# kinit administrator at EXAMPLE.COM
> kinit: Cannot find KDC for realm "EXAMPLE.COM" while getting initial
> credentials
> ]# kinit administrator at INTERNAL.EXAMPLE.COM
> kinit: Cannot contact any KDC for realm 'INTERNAL.EXAMPLE.COM' while
> getting initial credentials
This only reinforces my claim that you again confused the terms and
misconfigured your setup.
If you really just testing it, get back to
workgroup = INTERNAL
realm = EXAMPLE.COM
netbios name = DC1
Your DNS tests must show
hostname --short: dc1
hostname --domain: example.com
hostname --fqdn: dc1.example.com
If you are experimenting with a copy of live setup, please start showing real
data as you enter it, it'll lead to a faster resolution.
--
With best regards,
Andrey Repin
Wednesday, April 29, 2015 22:10:15
Sorry for my terrible english...
More information about the samba
mailing list