[Samba] kerberos got crazy after ubuntu upgrade from 14.04 to 16.04

Rowland Penny rpenny at samba.org
Sun Apr 23 08:32:43 UTC 2017

On Sun, 23 Apr 2017 09:39:53 +0200
Jakub Kulesza via samba <samba at lists.samba.org> wrote:

> Hi!
> I had to upgrade my PDC from 14.04 to 16.04 Ubuntu. The samba version
> stayed the same, but then some crazy miracles started to
> happen. 4.3.11+dfsg-0ubuntu0.16.04.6

You haven't got a PDC, you have an AD DC

Can I suggest you remove these lines:

        security = auto
        dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, winreg, srvsvc
        client use spnego = yes
        map acl inherit = Yes
        hosts allow = ALL
        server signing = auto
        raw NTLMv2 auth = yes
        client ipc signing = auto
        client ldap sasl wrapping = plain
        idmap config GPMV : backend = ad
        idmap config GPMV : range = 1000-9999999
        map untrusted to domain = Yes
        store dos attributes = yes
        kerberos method = secrets and keytab
        usershare max shares = 0
        encrypt passwords = yes
        password server = pdc.biuro.domain

Change this :

vfs objects = acl_xattr, full_audit


vfs objects = full_audit

But put it into a share!

Also finally, there is this:
server services = rpc, nbt, wrepl, ldap, cldap, drepl, winbind,
ntp_signd, kcc, dnsupdate, dns, s3fs, winbindd

I suggest you remove this as well because you have all the default
settings and 'winbind' & 'winbindd'


More information about the samba mailing list