[Samba] Cannot authenticate the administrator account

Andrey Repin anrdaemon at yandex.ru
Wed Apr 29 13:09:33 MDT 2015


Greetings, Sketch!

>> Did I simply provision the REALM or domain incorrectly from the start?
>> testparm -v output shows I provided the following:
>>
>> workgroup = INTERNAL
>> realm = EXAMPLE.COM
>> netbios name = SAMBA

> Looks that way to me.  Your realm should include the workgroup name: 
> INTERNAL.EXAMPLE.COM.

> See:

> https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Server_Information

> It _might_ work if you don't specify the domain when you kinit ("kinit 
> Administrator"), since kerberos will normally look up the default domain, 
> or use whatever is configured as default in your krb5.conf, but I suspect 
> you will have issues with anything that tries to do automatic ticket 
> acquisition.

Nothing is "SHOULD" as long as the settings follow basic requirements
(single-label NETBIOS domain name, resolvable REALM name).
I.e. I have domains provisioned with "ADS.<netbios domain name>.<tld>"
All works fine, given correct DNS configuration.


-- 
With best regards,
Andrey Repin
Wednesday, April 29, 2015 22:07:19

Sorry for my terrible english...



More information about the samba mailing list