[Samba] Key table name malformed

L.P.H. van Belle belle at bazuin.nl
Wed Apr 5 07:25:12 UTC 2017


Hai Mourik-Jan,

This looks all good.
Only one thing in the config, you can remove:
winbind nss info = rfc2307

Since you've already set (for 4.6.x):
idmap config INTECH:unix_nss_info = yes

Can you check the content of the keytab? klist -ke /etc/krb5.keytab
Post (anonymized if needed) the content you see.
Run: net ads keytab list -UAdministrator

And did you by accident run: net ads join, multiple times on this server?

About the realm in caps or not: to my belief that's no problem in Samba.
But to be sure, I would recommend everything in caps.

Looks to me there is something with net ads keytab going on.
I'll go test a bit more here also. 


Greetz, 

Louis




> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of mj via samba
> Sent: Wednesday 5 April 2017 8:30
> To: samba at lists.samba.org
> Subject: Re: [Samba] Key table name malformed
> 
> Hi Louis,
> 
> On 04/05/2017 07:51 AM, L.P.H. van Belle via samba wrote:
> > Yes, post the complete smb.conf, and what OS you're running.
> > Then we can have a better look at what's going on.
> >
> > Greetz,
> >
> > Louis
> 
> Here is the smb.conf for the Debian 8.7 domain member server running
> Samba 4.6.1:
> > root@processing:~# cd /etc/samba/
> > root@processing:/etc/samba# cat smb.conf
> > [global]
> >
> > netbios name = processing
> > workgroup = WKRGRP
> > security = ADS
> > realm = SAMBA.COMPANY.COM
> >
> > dedicated keytab file = /etc/krb5.keytab
> > kerberos method = secrets and keytab
> > winbind refresh tickets = yes
> > winbind use default domain = yes
> > winbind enum users  = yes
> > winbind enum groups = yes
> >
> > idmap config *:backend = tdb
> > idmap config *:range = 1000000-1000999
> > idmap config INTECH:backend = ad
> > idmap config INTECH:schema_mode = rfc2307
> > idmap config INTECH:range = 500-999999
> > idmap config INTECH:unix_nss_info = yes
> >
> > winbind nss info = rfc2307
> >
> > log level = 3
> 
> Here is smb.conf for the DC2, running Samba 4.5.6 on Debian 7.11:
> > root@DC2:~# cat /etc/samba/smb.conf
> > # Global parameters
> > [global]
> > 	workgroup = WKRGRP
> > 	realm = samba.company.com
> > 	netbios name = DC2
> > 	server role = active directory domain controller
> > 	dns forwarder = 192.65.132.5
> >       allow dns updates = nonsecure
> >
> >       server signing = mandatory
> >       ntlm auth = yes
> >       ldap server require strong auth = no
> > 	printing = bsd
> > 	log level = 3
> >       idmap_ldb:use rfc2307 = yes
> >
> >
> > [netlogon]
> > 	path = /var/lib/samba/sysvol/samba.company.com/scripts
> > 	read only = No
> >
> > [sysvol]
> > 	path = /var/lib/samba/sysvol
> > 	read only = No
> >       acl_xattr:ignore system acls = yes
> 
> This domain seems to be mostly running fine for some years, ever since
> samba 4.1.16 or so.
> 
> I realise that my realm on the DC is written in lower case. However
> testparm shows it uppercase, and everything has always been running good,
> that's why I was afraid to change it to capitals. It's lower case ONLY in
> the smb.conf on the three DCs. Everywhere else in caps.
> 
> Ideas?
> 

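The two configuration points raised in the reply above (a global `winbind nss info` line made redundant by a per-domain `unix_nss_info = yes`, and a realm not written in capitals) can be checked mechanically. This is an added example, not code from the thread or from the Samba project; the function names `parse_global` and `review` and the finding codes are hypothetical, and the sample configs are constructed from the values quoted in the thread.

```python
import re

# Constructed samples, trimmed from the two smb.conf files quoted in the thread.
MEMBER_CONF = """[global]
realm = SAMBA.COMPANY.COM
idmap config INTECH:schema_mode = rfc2307
idmap config INTECH:unix_nss_info = yes
winbind nss info = rfc2307
"""
DC_CONF = """[global]
\trealm = samba.company.com
\tserver role = active directory domain controller
[sysvol]
\tpath = /var/lib/samba/sysvol
"""

def parse_global(text):
    """Return {parameter: value} for the [global] section of smb.conf text."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # Assumption: compare names lower-cased with whitespace collapsed.
            name = re.sub(r"\s+", " ", name.strip().lower())
            params[re.sub(r"\s*:\s*", ":", name)] = value.strip()
    return params

def review(text):
    """Return finding codes for the two points raised in the reply."""
    params, findings = parse_global(text), []
    per_domain = any(
        re.fullmatch(r"idmap config [^:]+:unix_nss_info", name)
        and value.lower() in ("yes", "true", "on", "1")
        for name, value in params.items())
    if per_domain and "winbind nss info" in params:
        findings.append("redundant-winbind-nss-info")
    realm = params.get("realm", "")
    if realm != realm.upper():
        findings.append("realm-not-uppercase")
    return findings

if __name__ == "__main__":
    for label, conf in (("member", MEMBER_CONF), ("DC2", DC_CONF)):
        print(label, review(conf))
```

Line continuations and include directives in smb.conf are not handled; `testparm` remains the authoritative view of what Samba actually loads.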