[Samba] Cannot authenticate the administrator account

L.P.H. van Belle belle at bazuin.nl
Thu Apr 30 08:41:26 MDT 2015 

Hai Mike, 

in /etc/hosts
remove the line : 
127.0.0.1       dc1.internal.example.com    dc1

and try again. 

Greetz, 

Louis


>-----Oorspronkelijk bericht-----
>Van: 1100100 at gmail.com [mailto:samba-bounces at lists.samba.org] 
>Namens Mike
>Verzonden: donderdag 30 april 2015 16:35
>Aan: samba
>Onderwerp: Re: [Samba] Cannot authenticate the administrator account
>
>SUCCESS.........up to the point of kerberos tickets.
>((What a difference a night's sleep can do for logic neurons.))
>
>Everything works with the provisioning now except for kerberos.
>The setup follows and ends with the kinit, klist, and kvno 
>errors/failures:
>
>[root at dc1 ~]# hostname -f
>dc1.internal.example.com
>[root at dc1 ~]# hostname -s
>dc1
>[root at dc1 ~]# hostname -d
>internal.example.com
>[root at dc1 ~]# hostnamectl status
>   Static hostname: dc1.internal.example.com
>         Icon name: computer-server
>           Chassis: server
>        Machine ID: 57ccaldjfre9tuq34uadl5fjgq9823uadog
>           Boot ID: f4c1eqa9e8rt709q23y849tyqghlkqdhfg9
>  Operating System: CentOS Linux 7 (Core)
>       CPE OS Name: cpe:/o:centos:centos:7
>            Kernel: Linux 3.10.0-229.1.2.el7.x86_64
>      Architecture: x86_64
>[root at dc1 ~]# cat /etc/resolv.conf
>domain internal.example.com
>search internal.example.com
>nameserver 10.10.1.225
>
>[root at dc1 ~]# cat /etc/hosts
>127.0.0.1       dc1.internal.example.com    dc1
>127.0.0.1       localhost
>10.10.1.225     dc1.internal.example.com    dc1
>
>[root at dc1 ~]# cat /etc/samba/smb.conf
># Global parameters
>[global]
>        workgroup = INTERNAL
>        realm = INTERNAL.EXAMPLE.COM
>        netbios name = dc1
>        interfaces = lo, eno1
>        bind interfaces only = Yes
>        server role = active directory domain controller
>        dns forwarder = 75.75.76.76
>        idmap_ldb:use rfc2307 = yes
>
>
>[root at dc1 ~]# smbclient //internal.example.com/netlogon 
>-UAdministrator -c
>'ls'
>Enter Administrator's password:
>Domain=[INTERNAL] OS=[Unix] Server=[Samba 4.1.17-SerNet-RedHat-11.el7]
>  .                                   D        0  Thu Apr 30 
>09:36:14 2015
>  ..                                  D        0  Thu Apr 30 
>09:36:20 2015
>
>                51175 blocks of size 1048576. 48360 blocks available
>
>[root at dc1 ~]# host -t SRV _ldap._tcp.internal.example.com.
>_ldap._tcp.internal.example.com has SRV record 0 100 389
>dc1.internal.example.com.
>[root at dc1 ~]# host -t SRV _kerberos._udp.internal.example.com.
>_kerberos._udp.internal.example.com has SRV record 0 100 88
>dc1.internal.example.com.
>[root at dc1 ~]# host -t A dc1.internal.example.com.
>dc1.internal.example.com has address 10.10.1.225
>[root at dc1 ~]#
>
>[root at dc1 ~]# kinit administrator at INTERNAL.EXAMPLE.COM
>Password for administrator at INTERNAL.EXAMPLE.COM:
>kinit: Preauthentication failed while getting initial credentials
>
>[root at dc1 ~]# cat /etc/krb5.conf
>[libdefaults]
>        default_realm = INTERNAL.EXAMPLE.COM
>        dns_lookup_realm = false
>        dns_lookup_kdc = true
>[root at dc1 ~]# klist
>klist: Credentials cache file '/tmp/krb5cc_0' not found
>[root at dc1 ~]#
>
>[root at dc1 ~]# kvno administrator at INTERNAL.EXAMPLE.COM
>kvno: Credentials cache file '/tmp/krb5cc_0' not found while 
>getting client
>principal name
>[root at dc1 ~]#
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list