[Samba] Winbind Craziness

Rowland Penny rpenny at samba.org
Wed Aug 1 07:09:35 UTC 2018

On Tue, 31 Jul 2018 21:48:29 +0000 (UTC)
ray klassen <julius_ahenobarbus at yahoo.co.uk> wrote:

>  So I'm going to ramble a bit because I need help desperately and I'm
> slogging away on my own, but something I say might give someone an
> idea. This whole thing seems to revolve around Kerberos kvnos and
> machine password changes. A couple of days after violently recreating
> the server, people start to not be able to connect. Today's debugging
> turned up a mismatch between the kvno supplied by the keytab and the
> one apparently required by smbd or winbindd or both. At present I've
> opted for 
> machine password timeout = 0 in smb.conf
> and 
> @weekly /usr/bin/net ads changetrustpw ; /usr/bin/net ads keytab create -P
> in root's crontab
> hopefully this will make a difference...
>     On Tuesday, 31 July 2018, 10:31:23 GMT-7, ray klassen via samba
> <samba at lists.samba.org> wrote: 
>   Failed to find cifs/madmain at LAND.SUPERORG.COM(kvno 5) in keytab
> MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
> so far nothing works forever. 
> the above error happens when the pc's are unable to connect to shares
> net leave/join fixes the problem temporarily.
> seems to relate to 
> [Samba] Failed to find cifs/foo.bar in keytab MEMORY:cifs_srv_keytab
> (arcfour-hmac-md5)]
>     On Monday, 30 July 2018, 10:07:16 GMT-7, ray klassen via samba
> <samba at lists.samba.org> wrote: 
> thanks for your response. 
> Obviously lmhosts is not part of the equation anymore. 
> But I copied/pasted from something that worked to something that
> didn't (I thought of clarifying this in a following email but didn't).
> If there is no /etc/lmhosts I'm sure nothing will suffer for having
> that parameter. DNS has been examined and re-examined. All the tests
> described in the wiki have been performed and results are exactly
> what is expected. Still trying to shoot this down. It's elusive. I
> have windows clients who connect to shares and are presented with a
> username password dialogue. Tentatively, it appears that simply
> running winbind -tP solves the problem for them. So as a test I have
> an hourly cron job that runs that on the server.
>     On Saturday, 28 July 2018, 01:29:06 GMT-7, Rowland Penny via
> samba <samba at lists.samba.org> wrote: 
>  On Fri, 27 Jul 2018 21:25:04 +0000 (UTC)
> ray klassen via samba <samba at lists.samba.org> wrote:
> >  So I had some time to follow this bunny trail and found that even
> > though all the other servers had no problems this one continued
> > to. Every so often a new computer couldn't connect and then it would
> > be all better after a net leave/net join. Net join would not work
> > without -S <MyDC> in the command line. What I found out was that most
> > net rpc commands such as net rpc testjoin would also fail without -S
> > <MyDC> in the command line, whereas they would work fine for any other
> > box. I also noticed that a tdbtool dump of secrets.tdb was pretty
> > nearly empty whereas other servers had lots of info. The difference
> > was in the smb.conf line "name resolve order" 
> > 
> > earlier I had taken the advice (the more fool me, I guess) of the
> > man page which recommends 
> > 
> > "name resolve order = wins bcast" in an AD environment.
> > when I changed it back to 
> > 
> > "name resolve order = lmhosts wins host bcast"
> > 
> I think you should look at your dns ;-)
> I doubt whether you have a lmhosts file on the Samba server, so if you
> remove that, the line becomes 'wins host bcast' and the only
> difference between that and what you had, is 'host'.
> Rowland

I have reviewed this thread and we have received very little info to
work with. Yes, it is Samba 4.5.12 running on debian stretch, but how
is it running ?

Can you post the following files:


Also what is the DC ? Samba or Windows ?
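
The kvno mismatch reported in the quoted messages can be confirmed by comparing the kvno named in the smbd error with the kvnos held in the keytab. The following is an added example, not part of the original thread and not Samba code; it assumes the keytab listing comes from MIT `klist -k` (optionally with `-e`), and the sample inputs and status strings are constructed for illustration.

```python
import re

# Constructed sample inputs (not captured from a real system).
# Error line in the shape quoted in the thread; the list archive prints "@" as " at ".
SAMPLE_LOG = ("Failed to find cifs/madmain@LAND.SUPERORG.COM(kvno 5) in keytab "
              "MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]")
# Listing in the layout printed by MIT `klist -k` (assumed format).
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------------------------------
   4 host/madmain@LAND.SUPERORG.COM
   4 cifs/madmain@LAND.SUPERORG.COM
   3 cifs/madmain@LAND.SUPERORG.COM
"""

LOG_RE = re.compile(r"Failed to find (\S+?)(?:@| at )(\S+?)\(kvno (\d+)\) in keytab")
KLIST_RE = re.compile(r"^\s*(\d+)\s+(\S+)@(\S+)")

def parse_failure(line):
    """Return (principal, kvno) requested in a 'Failed to find ... in keytab' line."""
    m = LOG_RE.search(line)
    return (f"{m.group(1)}@{m.group(2)}", int(m.group(3))) if m else None

def keytab_kvnos(klist_output):
    """Map each principal to the set of kvnos listed for it."""
    table = {}
    for line in klist_output.splitlines():
        m = KLIST_RE.match(line)  # header and separator lines do not match
        if m:
            table.setdefault(f"{m.group(2)}@{m.group(3)}", set()).add(int(m.group(1)))
    return table

def diagnose(log_line, klist_output):
    """Classify the relation between the requested kvno and the keytab contents."""
    req = parse_failure(log_line)
    if req is None:
        return "no-match"
    principal, kvno = req
    have = keytab_kvnos(klist_output).get(principal)
    if not have:
        return "principal-missing"
    if kvno in have:
        return "kvno-present"
    # Requested kvno newer than anything stored: the machine password changed
    # in the directory but the keytab was not regenerated afterwards.
    return "keytab-stale" if kvno > max(have) else "keytab-ahead"

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_KLIST))
```
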

