[Samba] Winbind with krb5auth for trust users
L.P.H. van Belle
belle at bazuin.nl
Tue Aug 22 09:34:43 UTC 2017
Hai,
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Andreas Hauffe via samba
> Verzonden: dinsdag 22 augustus 2017 11:26
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Winbind with krb5auth for trust users
>
> Hi,
>
> thanks for the fast answer.
>
> All DCs (local and trusted domain) running on Windows Server
> 2012. The client is running on OpenSUSE Leap 42.3. The samba
> version is 4.6.5.
>
> Right now I'm a step before nfs. At first I just want to
> authorize users with krb5auth.
>
> The error is:
>
> mlrlinux:~ # wbinfo -K GLOBALDOM\\globdomuser Enter
> GLOBALDOM\globdomuser's password:
> plaintext kerberos password authentication for
> [GLOBALDOM\globdomuser] failed (requesting cctype: FILE)
> wbcLogonUser(GLOBALDOM\globdomuser): error code was
> NT_STATUS_NO_LOGON_SERVERS (0xc000005e) error message was: No
> logon servers Could not authenticate user
> [GLOBALDOM\globdomuser] with Kerberos
> (ccache: FILE)
>
> DNS resolution is working. I'm able to get the credentials
> for a GLOBDOM-User with kinit, which should not work if DNS
> resultion has errors, right?
Depends on the member server setting.
For example, do you have : kerberos method = secrets and keytab in smb.conf?
Can you post the following files, sorry, we need to verify files. ( anonimize here needed )
/etc/hostname
/etc/hosts
/etc/resolv.conf
/etc/nsswitch.conf
Your krb5.conf
And smb.conf
Greetz,
Louis
>
> Andreas
>
>
> Am 22.08.2017 um 10:04 schrieb L.P.H. van Belle via samba:
More information about the samba
mailing list