[Samba] NFSV4 Client setup problem

L.P.H. van Belle belle at bazuin.nl
Tue Dec 1 08:24:21 UTC 2015 

Few things, 

- check your resolv.conf, make sure your Samba AD the first nameservers 
- check if you resolv.conf search, has, search india.local 
- is the time in sync with the DC? 
- on debian, a login as "Administrator" (if mapped to root) wont work. ( or remove the mini
- in general, dont give Administrator a UID/GID 
- in general, dont use Administrator for ssh logins, but thats a choice, beter is, create a new user, and give that one admin rights. 

And have a look in to this script, works good on wheezy. 
https://secure.bazuin.nl/scripts/these_are_experimental_scripts/setup-nfsv4-kerberos.sh 

last. 
With above you can login without a password, but no tgt ticket is generated. 
for fix that, add "kinit -f -p" in the bashrc

Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens VigneshDhanraj G
> Verzonden: dinsdag 1 december 2015 8:18
> Aan: samba-technical at lists.samba.org; samba at lists.samba.org
> Onderwerp: [Samba] NFSV4 Client setup problem
> 
> Hi,
> 
> I tried to bring up nfsv4 client setup, but when i joining AD server from
> my LINUX machine i always get below error
> 
> "kinit succeeded but ads_sasl_spnego_krb5_bind failed: Server not found in
> Kerberos database
> Failed to join domain: failed to connect to AD: Server not found in
> Kerberos database"
> 
> wbinfo -u command gives the user list
> net ads info gives the details of the AD
> 
> when i tried to login from AD administrator user i am not able to login
> using ssh.
> 
> i am using debian wheezy as client and windows 2003 Server as AD.
> 
> my samba conf
> [global]
>         security = ADS
>         realm = INDIA.LOCAL
> # If the system doesn't find the domain controller automatically, you may
> need the following line
>         password server = INDIA.LOCAL
> # note that workgroup is the 'short' domain name
>         workgroup = INDIA
> #       winbind separator = +
>         winbind refresh tickets = yes
>         winbind enum users = yes
>         winbind enum groups = yes
>         template homedir = /home/%D/%U
>         template shell = /bin/bash
>         client use spnego = yes
>         client ntlmv2 auth = yes
>         encrypt passwords = yes
>         winbind use default domain = yes
>         restrict anonymous = 2
>         kerberos method = secrets and keytab
>         dedicated keytab file = /etc/krb5.keytab
>         name resolve order = lmhosts host
> 
> 
> could anyone help regarding this?
> 
> Regards,
> Vigneshdhanraj G
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list