[Samba] Connections to Samba fail when "includedir" is set in krb5.conf (e. g. after RHEL 7.2 to 7.3 update)
rpenny at samba.org
Thu Dec 29 21:17:33 UTC 2016
On Thu, 29 Dec 2016 21:40:56 +0100
Marc Muehlfeld via samba <samba at lists.samba.org> wrote:
> I spent some time today to figure out why my clients are unable to
> connect to my Samba AD domain member after updating the operating
> system from CentOS 7.2 to 7.3 and I thought sharing the reason and the
> workaround can help others:
> If you run RHEL/CentOS 7.2 with an unmodified /etc/krb5.conf file
Hi Marc, that is your problem there and it has highlighted another
problem, the Samba wiki page:
Doesn't have anything about krb5.conf
You should run the same /etc/krb5.conf as on a DC, of course this may
change when red-hat finally releases a Samba AD DC MIT package.
> update to 7.3, the krb5-workstation-1.14.1-27 package adds an
> "includedir" statement to the top of the file. If you modified the
> file in the past, the entry is not added and everything is fine.
> This "includedir" statement causes all connections (shares, RPC, etc.)
> to the Samba domain member to fail. If you set the log level to 3 or
> higher, the following error is logged:
> [2016/12/29 20:40:12.306475, 3]
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx
> status[NT_STATUS_UNSUCCESSFUL] ||
> at ../source3/smbd/smb2_sesssetup.c:134 [2016/12/29 20:40:12.307256,
> 3] ../source3/smbd/server_exit.c:246(exit_server_common)
> Server exit (NT_STATUS_CONNECTION_RESET)
> To work around the problem, simply remove the "includedir" statement
> from the /etc/krb5.conf file. No restart is required.
> Here is the bug report:
Why are you logging a Samba bug for what seems to be a
configuration error ?
More information about the samba