[Samba] Samba4 + Bind-9.9.5: client update domain/IN denied for some hosts
David Raison
david at tentwentyfour.lu
Wed Sep 16 07:13:31 UTC 2015
Hi Rowland,
On 15/09/15 20:31, Rowland Penny wrote:
>
> Is this just one client ? it sounds like the machines kerberos ticket
> has expired.
It's the one definitely, and it might be another one too, but I haven't
had anyone else complain so far.
So what would I do to renew the kerberos ticket? What could have caused
it (a client not having been used or locked for some time?, cf. [1]) And
how would I prevent that from happening?
I have found how to request a ticket on a Linux box [0], but not when or
how this is done on Windows clients.
Would I have to make it rejoin the domain?
Using the resources in [0], I double checked DNS is set up correctly and
krb5.conf is simply a symlink to the file in /var/lib/samba/private:
[libdefaults]
default_realm = PDC.CIJ.LU
dns_lookup_realm = false
dns_lookup_kdc = true
>
> I also noticed this: 'Sep 15 19:16:19 kashyyyk named[10495]: binding
> TCP socket: address in use'
> It looks like something else is using TCP port 53
Right… might be port 53 on the bridge interface though. I think I should
be able to disable bind from listening to that interface without any
trouble.
Thanks,
David
[0]
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller#Configure_Kerberos
[1] https://lists.samba.org/archive/samba/2014-March/179669.html
--
TenTwentyFour S.à r.l.
W: www.tentwentyfour.lu
T: +352 20 211 1024
F: +352 20 211 1023
9 av. des Hauts-Fourneaux
4362 Esch-sur-Alzette
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20150916/dc02106b/signature.sig>
More information about the samba
mailing list