[Samba] AD integration not working after move/version

Henrik Johansson henrikj at henkis.net
Sat Mar 18 16:49:31 UTC 2017

Hi Rowland and thanks for your reply,

> On 18 Mar 2017, at 16:54, Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Sat, 18 Mar 2017 16:06:28 +0100
> Henrik Johansson via samba <samba at lists.samba.org> wrote:
>> Hi!
>> I am in a bit of trouble, I have moved a samba installation from one
>> virtual host to another keeping the configuration files and
>> filesystems. But during the transition something broke, now windows
>> users are no longer able to access their shares. I think it has to do
>> with the AD integration. I do not know it it because some state is
>> missing on this host related to the AD integration or if something
>> has changed since the version of samba is higher on the new host. We
>> have the same set of private files also (passed.tbd and secrets.tbd).
>> Old version was 3.5.8 and the new version on the virtual host that
>> does not work is 3.6.25.
> What OS is this on ?
> Can you upgrade to a Samba version that is not EOL ?

Short summary; this is on a old Solaris 10 system, the virtual host is a Solaris zone, or two instance of the zone on two hosts for failover. The config is years old and I had no part in this, but we needed to upgrade Solaris Oracle has only managed to release 3.5.8 or something close to that as patches. I could of course compile my own version or something but Samba was not the scope for this operation, it just stopped working which is a huge problem, and it can be because we needed to switch to the other zone or because the config did not work with this slightly newer version.

>> Any ides on how to debug this is helpful, I know very little about AD
>> integration, perhaps the virtual host needs to join the domain again
>> and authenticate, can I check the status of the integration in any
>> way?
> You will probably need to join the new domain member again.

I’m trying, and getting: 

kinit succeeded but ads_sasl_spnego_krb5_bind failed: Server not found in Kerberos database
Failed to join domain: failed to connect to AD: Server not found in Kerberos database

>> # Global parameters
>> [global]
>>        log file = /var/samba/log/clientlog.%m
>>        dns proxy = No
>>        acl check permissions = False
>>        netbios aliases = string1
>>        server string = string1
>>        name resolve order = hosts bcast
>>        realm = DOMAIN.NET
>>        password server = server3.string1.net sever4.string1.net
>> #       wins server = x.x.x.x
>>        local master = no
>>        workgroup = WGNAME
>>        os level = 0
>>        domain master = no
>>        encrypt passwords = yes
>>        security = DOMAIN
> Try changing 'security = DOMAIN' to 'security = ADS'
> Are you running winbind or are you using something else for
> authentication ?

I am under the impression that it’s kerberos.

> Rowland
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list