[Samba] Cannot authenticate the administrator account
L.P.H. van Belle
belle at bazuin.nl
Thu Apr 30 08:41:26 MDT 2015
Hai Mike,
in /etc/hosts
remove the line :
127.0.0.1 dc1.internal.example.com dc1
and try again.
Greetz,
Louis
>-----Oorspronkelijk bericht-----
>Van: 1100100 at gmail.com [mailto:samba-bounces at lists.samba.org]
>Namens Mike
>Verzonden: donderdag 30 april 2015 16:35
>Aan: samba
>Onderwerp: Re: [Samba] Cannot authenticate the administrator account
>
>SUCCESS.........up to the point of kerberos tickets.
>((What a difference a night's sleep can do for logic neurons.))
>
>Everything works with the provisioning now except for kerberos.
>The setup follows and ends with the kinit, klist, and kvno
>errors/failures:
>
>[root at dc1 ~]# hostname -f
>dc1.internal.example.com
>[root at dc1 ~]# hostname -s
>dc1
>[root at dc1 ~]# hostname -d
>internal.example.com
>[root at dc1 ~]# hostnamectl status
> Static hostname: dc1.internal.example.com
> Icon name: computer-server
> Chassis: server
> Machine ID: 57ccaldjfre9tuq34uadl5fjgq9823uadog
> Boot ID: f4c1eqa9e8rt709q23y849tyqghlkqdhfg9
> Operating System: CentOS Linux 7 (Core)
> CPE OS Name: cpe:/o:centos:centos:7
> Kernel: Linux 3.10.0-229.1.2.el7.x86_64
> Architecture: x86_64
>[root at dc1 ~]# cat /etc/resolv.conf
>domain internal.example.com
>search internal.example.com
>nameserver 10.10.1.225
>
>[root at dc1 ~]# cat /etc/hosts
>127.0.0.1 dc1.internal.example.com dc1
>127.0.0.1 localhost
>10.10.1.225 dc1.internal.example.com dc1
>
>[root at dc1 ~]# cat /etc/samba/smb.conf
># Global parameters
>[global]
> workgroup = INTERNAL
> realm = INTERNAL.EXAMPLE.COM
> netbios name = dc1
> interfaces = lo, eno1
> bind interfaces only = Yes
> server role = active directory domain controller
> dns forwarder = 75.75.76.76
> idmap_ldb:use rfc2307 = yes
>
>
>[root at dc1 ~]# smbclient //internal.example.com/netlogon
>-UAdministrator -c
>'ls'
>Enter Administrator's password:
>Domain=[INTERNAL] OS=[Unix] Server=[Samba 4.1.17-SerNet-RedHat-11.el7]
> . D 0 Thu Apr 30
>09:36:14 2015
> .. D 0 Thu Apr 30
>09:36:20 2015
>
> 51175 blocks of size 1048576. 48360 blocks available
>
>[root at dc1 ~]# host -t SRV _ldap._tcp.internal.example.com.
>_ldap._tcp.internal.example.com has SRV record 0 100 389
>dc1.internal.example.com.
>[root at dc1 ~]# host -t SRV _kerberos._udp.internal.example.com.
>_kerberos._udp.internal.example.com has SRV record 0 100 88
>dc1.internal.example.com.
>[root at dc1 ~]# host -t A dc1.internal.example.com.
>dc1.internal.example.com has address 10.10.1.225
>[root at dc1 ~]#
>
>[root at dc1 ~]# kinit administrator at INTERNAL.EXAMPLE.COM
>Password for administrator at INTERNAL.EXAMPLE.COM:
>kinit: Preauthentication failed while getting initial credentials
>
>[root at dc1 ~]# cat /etc/krb5.conf
>[libdefaults]
> default_realm = INTERNAL.EXAMPLE.COM
> dns_lookup_realm = false
> dns_lookup_kdc = true
>[root at dc1 ~]# klist
>klist: Credentials cache file '/tmp/krb5cc_0' not found
>[root at dc1 ~]#
>
>[root at dc1 ~]# kvno administrator at INTERNAL.EXAMPLE.COM
>kvno: Credentials cache file '/tmp/krb5cc_0' not found while
>getting client
>principal name
>[root at dc1 ~]#
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list