[Samba] Connections to Samba fail when "includedir" is set in krb5.conf (e. g. after RHEL 7.2 to 7.3 update)

Marc Muehlfeld mmuehlfeld at samba.org
Thu Dec 29 20:40:56 UTC 2016


I spent some time today to figure out why my clients are unable to
connect to my Samba AD domain member after updating the operating system
from CentOS 7.2 to 7.3 and I thought sharing the reason and the
workaround can help others:

If you run RHEL/CentOS 7.2 with an unmodified /etc/krb5.conf file and
update to 7.3, the krb5-workstation-1.14.1-27 package adds an
"includedir" statement to the top of the file. If you modified the file
in the past, the entry is not added and everything is fine.

This "includedir" statement causes all connections (shares, RPC, etc.)
to the Samba domain member to fail. If you set the log level to 3 or
higher, the following error is logged:

[2016/12/29 20:40:12.306475,  3]
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_UNSUCCESSFUL] || at ../source3/smbd/smb2_sesssetup.c:134
[2016/12/29 20:40:12.307256,  3]

To work around the problem, simply remove the "includedir" statement
from the /etc/krb5.conf file. No restart is required.

Here is the bug report:


More information about the samba mailing list