[Samba] kinit succeeded but ads_sasl_spnego_krb5_bind failed: The context has expired : Success
Dmitry MiksIr
miksir at maker.ru
Wed Aug 12 11:17:07 UTC 2015
Samba4 as AD controller. Same samba as domain members. Winbind.
Periodically (once in few days) after subject message in winbind logs
its stop working and only restart of winbindd helps.
Error message:
[2015/08/10 13:31:14.410866, 0]
../source3/libads/sasl.c:1025(ads_sasl_spnego_bind)
kinit succeeded but ads_sasl_spnego_krb5_bind failed: The context
has expired : Success
smb.conf
[global]
netbios name = PC1
workgroup = FOREST
security = ADS
realm = FOREST.INT.DOMAIN.COM
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
idmap config * : range = 300-499
idmap config * : backend = tdb
idmap config * : script = /etc/samba/idmap.sh
idmap config FOREST : backend = ad
idmap config FOREST : range = 500 - 99999
idmap config FOREST : schema_mode = rfc2307
idmap cache time = 5
idmap negative cache time = 5
winbind trusted domains only = No
winbind use default domain = Yes
winbind nss info = rfc2307
winbind enum users = Yes
winbind enum groups = Yes
winbind refresh tickets = Yes
winbind cache time = 5
krb.conf
[libdefaults]
default_realm = FOREST.INT.DOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
More information about the samba
mailing list