[Samba] kinit succeeded but ads_sasl_spnego_krb5_bind failed
Rowland penny
rpenny at samba.org
Sat Apr 9 11:14:15 UTC 2016
On 09/04/16 11:55, Lists wrote:
> Nope, the same message.
>
> I made all the changes, the tests are successful, but the same message.
>
> ----- Original Message -----
> From: "Rowland penny" <rpenny at samba.org>
> To: "samba" <samba at lists.samba.org>
> Sent: Saturday, April 9, 2016 1:40:50 PM
> Subject: Re: [Samba] kinit succeeded but ads_sasl_spnego_krb5_bind failed
>
> On 09/04/16 11:30, Lists wrote:
>> OK, I am sorry, that was a test. I am sending you the smb.conf again.
>>
>> # Global parameters
>> [global]
>> netbios name = SOLFS
>> security = ADS
>> workgroup = SOLAE
>> realm = SOLAE.LOCAL
>>
>> log file = /var/log/samba/%m.log
>> log level = 1
>>
>> dedicated keytab file = /etc/krb5.keytab
>> kerberos method = secrets and keytab
>> winbind refresh tickets = yes
>>
>> winbind trusted domains only = no
>> winbind use default domain = yes
>> winbind enum users = yes
>> winbind enum groups = yes
>>
>> # Important: The ranges of the default (*) idmap config
>> # and the domain(s) must not overlap!
>>
>> # Default idmap config used for BUILTIN and local accounts/groups
>> idmap config *:backend = tdb
>> idmap config *:range = 2000-9999
>>
>> # idmap config for domain SOLAE
>> idmap config SOLAE:backend = rid
>> idmap config SOLAE:range = 10000-99999
>>
>> # Use template settings for login shell and home directory
>> winbind nss info = template
>> template shell = /sbin/bash
>> template homedir = /home/%U
>> #[profiles]
>> # path = /var/lib/samba/profiles
>> # read only = no
>>
>> #[Public]
>> # path = /home/Public
>> # read only = no
>>
>> #[Application]
>> # path = /home/Application
>> # read only = no
>>
>>
>>
>>
> Set /etc/resolv.conf on the machine you are trying to join to:
>
> search solae.local
> nameserver 10.0.0.22
>
> Set /etc/hosts to:
>
> 10.0.0.25 solfs solfs.solae.local
> 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
> ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
>
> Now try a few tests:
>
> ping -c1 10.0.0.25
>
> ping -c1 10.0.0.22
>
> ping -c1 solad
>
> ping -c1 solad.solae.local
>
> If all these tests pass, try the join again
>
> Rowland
>
>

OK, let's just check a few things, starting with the machine you are
trying to join:

/etc/resolv.conf contains:

search solae.local
nameserver 10.0.0.22

10.0.0.22 is the IP address of the Samba4 AD DC

/etc/hosts contains just:

10.0.0.25 solfs solfs.solae.local
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

10.0.0.25 is the IP address of the machine you are trying to join and its
short hostname is solfs

Pinging the DC by IP, short hostname and FQDN succeeds.

/etc/krb5.conf contains:

[libdefaults]
default_realm = SOLAE.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true

Does /etc/krb5.keytab exist? If so, remove it.

Now on the DC

/etc/resolv.conf should contain:

search solae.local
nameserver 10.0.0.22

/etc/hosts should contain just:

10.0.0.22 solad solad.solae.local
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

/etc/krb5.conf should contain:

[libdefaults]
default_realm = SOLAE.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true

You should be able to ping the machine you want to join by IP:

ping -c1 10.0.0.25

If all the above are correct, you should be able to join the machine.

All I can think of after that is:

SELinux, is this enabled and blocking something?
Is a firewall running and blocking ports?
Finally, is the time between the two machines in sync?

Rowland
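
The member-server checks listed in the message above can be scripted. The following is an added example, not part of the original post or of Samba, that validates resolv.conf, hosts, krb5.conf and the leftover keytab against the values given in this thread. The function names, the rule that the hostname may appear only on the host's own address line, and the 300-second skew limit (the Kerberos default) are assumptions of the example.

```shell
#!/bin/sh
# Added example: pre-join checks for the member-server files listed above.
# Usage: preflight /etc solae.local 10.0.0.22 10.0.0.25 solfs SOLAE.LOCAL

check_resolv() {  # file domain dc_ip
    awk -v d="$2" -v ns="$3" '
        $1 == "search" { for (i = 2; i <= NF; i++) if ($i == d) s = 1 }
        $1 == "nameserver" && $2 == ns { n = 1 }
        END { exit !(s && n) }' "$1"
}

# Both names must sit on the host's own IP and on no other line (assumption:
# a loopback entry such as 127.0.1.1 for the hostname counts as a failure).
check_hosts() {  # file own_ip short fqdn
    awk -v ip="$2" -v s="$3" -v f="$4" '
        /^[ \t]*#/ { next }
        { for (i = 2; i <= NF; i++) if ($i == s || $i == f) {
              if ($1 == ip) hit[$i] = 1; else bad = 1 } }
        END { exit !(hit[s] && hit[f] && !bad) }' "$1"
}

check_krb5() {  # file realm
    awk -F'[ \t]*=[ \t]*' -v r="$2" '
        { gsub(/^[ \t]+|[ \t]+$/, "") }
        /^\[/ { sec = $0; next }
        sec != "[libdefaults]" { next }
        $1 == "default_realm"    && $2 == r       { a = 1 }
        $1 == "dns_lookup_realm" && $2 == "false" { b = 1 }
        $1 == "dns_lookup_kdc"   && $2 == "true"  { c = 1 }
        END { exit !(a && b && c) }' "$1"
}

# Kerberos rejects requests when clocks differ by more than 5 minutes by default.
skew_ok() {  # local_epoch dc_epoch [max_seconds]
    d=$(( $1 - $2 )); [ "$d" -ge 0 ] || d=$(( 0 - d ))
    [ "$d" -le "${3:-300}" ]
}

# Prints one line per failed check; the return status is the failure count.
preflight() {  # etc_dir domain dc_ip own_ip short realm
    fails=0
    check_resolv "$1/resolv.conf" "$2" "$3" || { echo "FAIL resolv.conf"; fails=$((fails + 1)); }
    check_hosts "$1/hosts" "$4" "$5" "$5.$2" || { echo "FAIL hosts"; fails=$((fails + 1)); }
    check_krb5 "$1/krb5.conf" "$6" || { echo "FAIL krb5.conf"; fails=$((fails + 1)); }
    [ ! -e "$1/krb5.keytab" ] || { echo "FAIL leftover krb5.keytab"; fails=$((fails + 1)); }
    return "$fails"
}
```

For the time check, feed skew_ok the output of `date +%s` taken on each machine.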