[Samba] DRS stopped working after upgrade from debian Jessie to Stretch
Rowland Penny
rpenny at samba.org
Wed Jun 21 11:20:25 UTC 2017
On Wed, 21 Jun 2017 12:41:52 +0200
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> Hai,
>
> Before you start,
>
> Backup, /etc/ /var/lib/samba better safe than sorry..
>
> Stop samba and related services ( check it at least nmbd smbd winbind
> samba samba-ad-dc)
>
>
> Well here is a choice, i preffer to keep the debian settings, which
> would be : ( and yes Rowland i know.. ;-) domain/search )
> domain net.lyc-guillaume-fichet.ac-grenoble.fr
> search net.lyc-guillaume-fichet.ac-grenoble.fr
> nameserver 172.16.0.20
>
This wouldn't be the first stupid thing that Debian has done ;-)
From 'man resolv.conf' :
The domain and search keywords are mutually exclusive.
If more than one instance of these keywords is
present, the last instance wins.
So there is absolutely no point in adding the domain line, but you go
ahead and add it Louis, it is after all your computer ;-)
> >
> > hosts: files mdns4_minimal [NOTFOUND=return] dns
> This can cause problems, change to :
> hosts: files dns mdns4_minimal [NOTFOUND=return]
> ( or remove avahi-daemon and remove the part mdns4.. [NOT.. )
Totally agree, this should be changed and if you are forced to use
'.local' you definitely should remove Avahi.
> > KEYTABS
> > I have now have three version of the machine keytab. Each one
> > was put in /var/lib/samba/private/secrets.keytab but never
> > solve the problem.
OK, /etc/krb5.keytab != /var/lib/samba/private/secrets.keytab
They are used for different things, so unless you have something that
requires /etc/krb5.keytab, you can remove it.
Not sure if this help, but you could try checking the
'msDS-SupportedEncryptionTypes' attribute of your computers in AD.
Rowland
More information about the samba
mailing list