[Samba] Samba4 + Bind-9.9.5: client update domain/IN denied for some hosts

David Raison david at tentwentyfour.lu
Wed Sep 16 07:13:31 UTC 2015

Hi Rowland,

On 15/09/15 20:31, Rowland Penny wrote:
> Is this just one client ? it sounds like the machines kerberos ticket
> has expired.

It's the one definitely, and it might be another one too, but I haven't
had anyone else complain so far.
So what would I do to renew the kerberos ticket? What could have caused
it (a client not having been used or locked for some time?, cf. [1]) And
how would I prevent that from happening?

I have found how to request a ticket on a Linux box [0], but not when or
how this is done on Windows clients.
Would I have to make it rejoin the domain?

Using the resources in [0], I double checked DNS is set up correctly and
krb5.conf is simply a symlink to the file in /var/lib/samba/private:

    default_realm = PDC.CIJ.LU
    dns_lookup_realm = false
    dns_lookup_kdc = true

> I also noticed this: 'Sep 15 19:16:19 kashyyyk named[10495]: binding
> TCP socket: address in use'
> It looks like something else is using TCP port 53 

Right… might be port 53 on the bridge interface though. I think I should
be able to disable bind from listening to that interface without any


[1] https://lists.samba.org/archive/samba/2014-March/179669.html

TenTwentyFour S.à r.l.
W: www.tentwentyfour.lu
T: +352 20 211 1024
F: +352 20 211 1023
9 av. des Hauts-Fourneaux
4362 Esch-sur-Alzette

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20150916/dc02106b/signature.sig>

More information about the samba mailing list