[Samba] Connections to Samba fail when "includedir" is set in krb5.conf (e. g. after RHEL 7.2 to 7.3 update)

Rowland Penny rpenny at samba.org
Thu Dec 29 21:17:33 UTC 2016

On Thu, 29 Dec 2016 21:40:56 +0100
Marc Muehlfeld via samba <samba at lists.samba.org> wrote:

> Hi,
> I spent some time today to figure out why my clients are unable to
> connect to my Samba AD domain member after updating the operating
> system from CentOS 7.2 to 7.3 and I thought sharing the reason and the
> workaround can help others:
> If you run RHEL/CentOS 7.2 with an unmodified /etc/krb5.conf file

Hi Marc, that is your problem there and it has highlighted another
problem, the Samba wiki page:


Doesn't have anything about krb5.conf

You should run the same /etc/krb5.conf as on a DC, of course this may
change when red-hat finally releases a Samba AD DC MIT package.

> and
> update to 7.3, the krb5-workstation-1.14.1-27 package adds an
> "includedir" statement to the top of the file. If you modified the
> file in the past, the entry is not added and everything is fine.
> This "includedir" statement causes all connections (shares, RPC, etc.)
> to the Samba domain member to fail. If you set the log level to 3 or
> higher, the following error is logged:
> [2016/12/29 20:40:12.306475,  3]
> ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
>   smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> at ../source3/smbd/smb2_sesssetup.c:134 [2016/12/29 20:40:12.307256,
> 3] ../source3/smbd/server_exit.c:246(exit_server_common)
> To work around the problem, simply remove the "includedir" statement
> from the /etc/krb5.conf file. No restart is required.
> Here is the bug report:
> https://bugzilla.samba.org/show_bug.cgi?id=12488

Why are you logging a Samba bug for what seems to be a
configuration error ?


More information about the samba mailing list