[Samba] Samba4 Domain member only usable with ip

Mon Jul 27 21:55:01 UTC 2015

Le 27/07/2015 17:50, zorg a écrit :
> Le 27/07/2015 17:02, Rowland Penny a écrit :
>> On 27/07/15 15:51, zorg wrote:
>>> Le 27/07/2015 16:16, Rowland Penny a écrit :
>>>> On 27/07/15 15:13, zorg wrote:
>>>>> HI,
>>>>>
>>>>> I'm using debian jessie
>>>>> I have followed this instruction
>>>>>
>>>>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>>>>>
>>>>> Here is :
>>>>>
>>>>> [global]
>>>>>     workgroup = DOM
>>>>>     realm = DOM.LOCAL
>>>>>     server role = member server
>>>>>     security = ADS
>>>>>     map to guest = Bad User
>>>>>     dedicated keytab file = /etc/krb5.keytab
>>>>>     kerberos method = dedicated keytab
>>>>>     syslog = 0
>>>>>     log file = /var/log/samba/log.%m
>>>>>     max log size = 1000
>>>>>     dns proxy = No
>>>>>     panic action = /usr/share/samba/panic-action %d
>>>>>     winbind enum users = Yes
>>>>>     winbind enum groups = Yes
>>>>>     winbind use default domain = Yes
>>>>>     winbind nss info = rfc2307
>>>>>     winbind refresh tickets = Yes
>>>>>     idmap config DOM:range = 10000-99999
>>>>>     idmap config DOM:backend = rid
>>>>>     idmap config *:range = 2000-9999
>>>>>     idmap config * : backend = tdb
>>>>>     create mask = 0664
>>>>>     force create mode = 0664
>>>>>     force directory mode = 0775
>>>>>
>>>>> [homes]
>>>>>     comment = Home Directories
>>>>>     valid users = %S
>>>>>     create mask = 0700
>>>>>     directory mask = 0700
>>>>>     browseable = No
>>>>>
>>>>>
>>>>>
>>>>> Le 27/07/2015 15:47, Rowland Penny a écrit :
>>>>>> On 27/07/15 14:37, zorg wrote:
>>>>>>> Hi,
>>>>>>> Hope someone can help
>>>>>>> I have setup a domain menber samba4 server
>>>>>>
>>>>>> How have you set it up, what howto or instructions did you follow ?
>>>>>> What OS ?
>>>>>> Please post the smb.conf from the member server
>>>>>>
>>>>>>>
>>>>>>> I can access it perfectly using his ip \\192.168.0.3
>>>>>>
>>>>>> How are you trying to access the server ?
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> But if I use his name \\shareserver it ask me for a password 
>>>>>>> like if i was not join
>>>>>>>
>>>>>>> dns are working
>>>>>>
>>>>>> What DNS are you using ?
>>>>>>
>>>>>> Rowland
>>>>>>
>>>>>>>
>>>>>>> Don't really know where to look to find the clue
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>> What about the other two questions ?
>>>>
>>>> How are you trying to access the server ?
>>>> What DNS are you using ?
>>>>
>>>> Rowland
>>>>
>>>>
>>> Look at the log I got this error when using dnsname not wih the ip
>>>
>>> [2015/07/27 16:50:06.225754,  1] 
>>> ../source3/librpc/crypto/gse.c:465(gse_get_server_auth_token)
>>>   gss_accept_sec_context failed with [ Miscellaneous failure (see 
>>> text): Failed to find cifs/smbfs.DOM.local at DOM.LOCAL(kvno 2) in 
>>> keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
>>>
>>
>> Are you actually using a domain that ends in .local ? if so, try 
>> turning off Avahi on the member server and then try again.
>>
>> Rowland
>>
>>
> yes it end with .local
> I don't have avahi
> samba is running in the lxc container
>
>
>
if have turn off avahi
try hosts:      files dns mdns4_minimal myhostname

but still have this in the log and can only access (without password 
being ask using ip)
  gss_accept_sec_context failed with [ Miscellaneous failure (see text): 
Failed to find cifs/SMBFS.DOM.local at DOM.LOCAL(kvno 2) in keytab 
MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
[2015/07/21 15:44:22.054874,  1] 
../auth/gensec/spnego.c:573(gensec_spnego_parse_negTokenInit)
   SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
[2015/07/21 15:44:22.054964,  2] 
../auth/gensec/spnego.c:743(gensec_spnego_server_negTokenTarg)
   SPNEGO login failed: NT_STATUS_LOGON_FAILURE
[2015/07/21 15:44:22.055059,  4] ../source3/smbd/sec_ctx.c: