[Samba] AD integration not working after move/version
henrikj at henkis.net
Sat Mar 18 16:49:31 UTC 2017
Hi Rowland and thanks for your reply,
> On 18 Mar 2017, at 16:54, Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Sat, 18 Mar 2017 16:06:28 +0100
> Henrik Johansson via samba <samba at lists.samba.org> wrote:
>> I am in a bit of trouble, I have moved a samba installation from one
>> virtual host to another keeping the configuration files and
>> filesystems. But during the transition something broke, now windows
>> users are no longer able to access their shares. I think it has to do
>> with the AD integration. I do not know it it because some state is
>> missing on this host related to the AD integration or if something
>> has changed since the version of samba is higher on the new host. We
>> have the same set of private files also (passed.tbd and secrets.tbd).
>> Old version was 3.5.8 and the new version on the virtual host that
>> does not work is 3.6.25.
> What OS is this on ?
> Can you upgrade to a Samba version that is not EOL ?
Short summary; this is on a old Solaris 10 system, the virtual host is a Solaris zone, or two instance of the zone on two hosts for failover. The config is years old and I had no part in this, but we needed to upgrade Solaris Oracle has only managed to release 3.5.8 or something close to that as patches. I could of course compile my own version or something but Samba was not the scope for this operation, it just stopped working which is a huge problem, and it can be because we needed to switch to the other zone or because the config did not work with this slightly newer version.
>> Any ides on how to debug this is helpful, I know very little about AD
>> integration, perhaps the virtual host needs to join the domain again
>> and authenticate, can I check the status of the integration in any
> You will probably need to join the new domain member again.
I’m trying, and getting:
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Server not found in Kerberos database
Failed to join domain: failed to connect to AD: Server not found in Kerberos database
>> # Global parameters
>> log file = /var/samba/log/clientlog.%m
>> dns proxy = No
>> acl check permissions = False
>> netbios aliases = string1
>> server string = string1
>> name resolve order = hosts bcast
>> realm = DOMAIN.NET
>> password server = server3.string1.net sever4.string1.net
>> # wins server = x.x.x.x
>> local master = no
>> workgroup = WGNAME
>> os level = 0
>> domain master = no
>> encrypt passwords = yes
>> security = DOMAIN
> Try changing 'security = DOMAIN' to 'security = ADS'
> Are you running winbind or are you using something else for
> authentication ?
I am under the impression that it’s kerberos.
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba