[Samba] The number of maximum ticket referrals has been exceeded

Nico De Ranter nico.deranter at esaturnus.com
Tue Dec 22 15:43:42 UTC 2015


I have a AD domain based on 2 Ubuntu servers running Samba 4.1.17
I've successfully added a number of windows and linux clients to the domain.
I now tried adding an extra Linux printer server.  When I try to access the
server from a Windows client, I am asked to enter a username and password
(altough I am already logged in to the domain).  Whatever username and
password I enter access is always refused.  At the bottom I see:

"The system detected a possible attempt to compromise security. Please
ensure that you can contact the server that authenticated you".

In the event viewer on the windows pc I see:

"The Securyty System detected an authentication erro for the server
cifs/print.office. The failure code from authentication protocol Kerberos
was "The number of maximum ticket referrals has been exceeded (0xc00002f4)"

I also see:

"Time provider ntpClient: No valid response has been received from domain
controller dc1.win.office after 8 attempts to contact it. This domain
controller will be discarded as a time source and ntpClient will attempt to
discover a new domain controller from which to synchronize. The error was:
peer is unreachable"

The clocks of all Linux servers are in sync.  Any idea what may be wrong?
I'm not running ntp on the AD servers (they are syncing to the vmware
server in stead).  Do I need to run an ntp server on the AD servers (I was
told this is not a good idea on a VMware virtual machine)?  I assumed
Windows uses its own time protocol so any way to ensure the clocks are in
sync would be enough.


Nico De Ranter

Operations Engineer

T. +32 16 40 12 82

M. +32 497 91 53 78



More information about the samba mailing list