[Samba] Cannot authenticate the administrator account
Andrey Repin
anrdaemon at yandex.ru
Wed Apr 29 13:09:33 MDT 2015
Greetings, Sketch!
>> Did I simply provision the REALM or domain incorrectly from the start?
>> testparm -v output shows I provided the following:
>>
>> workgroup = INTERNAL
>> realm = EXAMPLE.COM
>> netbios name = SAMBA
> Looks that way to me. Your realm should include the workgroup name:
> INTERNAL.EXAMPLE.COM.
> See:
> https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Server_Information
> It _might_ work if you don't specify the domain when you kinit ("kinit
> Administrator"), since kerberos will normally look up the default domain,
> or use whatever is configured as default in your krb5.conf, but I suspect
> you will have issues with anything that tries to do automatic ticket
> acquisition.
Nothing is "SHOULD" as long as the settings follow basic requirements
(single-label NETBIOS domain name, resolvable REALM name).
I.e. I have domains provisioned with "ADS.<netbios domain name>.<tld>"
All works fine, given correct DNS configuration.
--
With best regards,
Andrey Repin
Wednesday, April 29, 2015 22:07:19
Sorry for my terrible english...
More information about the samba
mailing list