[Samba] Winbind Craziness
Rowland Penny
rpenny at samba.org
Wed Aug 1 07:09:35 UTC 2018
On Tue, 31 Jul 2018 21:48:29 +0000 (UTC)
ray klassen <julius_ahenobarbus at yahoo.co.uk> wrote:
> so I'm going to ramble a bit because I need help desperately and I'm
> slogging away on my own, but something I say might give someone an
> idea. This whole thing seem to revolve around kerberos kvno's and
> machine password changes. couple of days after violently recreating
> the server people start to not be able to connect. today's debugging
> turned up a mismatch between the kvno supplied by the keytab and the
> one apparently required by smbd or winbindd or both. at present i've
> opted for
>
> machine password timeout = 0 in smb.conf
> and
>
> @weekly /usr/bin/net ads changetrustpw ; /usr/bin/net ads keytab
> create -P in root's crontab
> hopefully this will make a difference...
>
> On Tuesday, 31 July 2018, 10:31:23 GMT-7, ray klassen via samba
> <samba at lists.samba.org> wrote:
> Failed to find cifs/madmain at LAND.SUPERORG.COM(kvno 5) in keytab
> MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
>
> so far nothing works forever.
> the above error happens when the pc's are unable to connect to shares
> net leave/join fixes the problem temporarily.
>
>
> seems to relate to
>
> [Samba] Failed to find cifs/foo.bar in keytab MEMORY:cifs_srv_keytab
> (arcfour-hmac-md5)]
>
>
>
>
>
>
>
> On Monday, 30 July 2018, 10:07:16 GMT-7, ray klassen via samba
> <samba at lists.samba.org> wrote:
>
> thanks for your response.
> Obviously lmhosts is not part of the equation anymore.
> But I copied/pasted from something that worked to something that
> didn't( I thought of clarifying this in a following email but didn't)
> If there is no /etc/lmhosts I'm sure nothing will suffer for having
> that parameter. DNS has been examined and re-examined. All the tests
> described in the wiki have been performed and results are exactly
> what is expected. Still trying to shoot this down. It's elusive. I
> have windows clients who connect to shares and are presented with a
> username password dialogue. Tentatively, it appears that simply
> running winbind -tP solves the problem for them. So as a test I have
> an hourly cron job that runs that on the server.
>
> On Saturday, 28 July 2018, 01:29:06 GMT-7, Rowland Penny via
> samba <samba at lists.samba.org> wrote:
> On Fri, 27 Jul 2018 21:25:04 +0000 (UTC)
> ray klassen via samba <samba at lists.samba.org> wrote:
>
> > so I had some time to follow this bunny trailand found that even
> > though all the other servers had no problems this one continued
> > to.Every so often a new computer couldn't connect and then it would
> > be all better after a net leave/net join. Net join would not work
> > without -S <MyDC> in the command lineWhat I found out was that most
> > net rpc commands such as net rpc testjoin would also fail without -S
> > <MyDC> in the command linewhereas they would work find for any other
> > box. I also noticed that a tdbtool dump of secrets.tdb was pretty
> > nearly empty whereas other servers had lots of info.The difference
> > was in the smb.conf line "name resolve order"
> >
> > earlier I had taken the advice (the more fool me, I guess) of the
> > man page with recommends
> >
> > "name resolve order = wins bcast" in a AD environment.
> > when I changed it back to
> >
> > "name resolve order = lmhosts wins host bcast"
> >
>
> I think you should look at your dns ;-)
>
> I doubt whether you have a lmhosts file on the Samba server, so if you
> remove that, the line becomes 'wins host bcast' and the only
> difference between that and what you had, is 'host'.
>
> Rowland
>
>
I have reviewed this thread and we have received very little info to
work with. Yes, it is Samba 4.5.12 running on debian stretch, but how
is it running ?
Can you post the following files:
/etc/hostname
/etc/hosts
/etc/resolv.conf
/etc/krb5.conf
smb.conf
Also what is the DC ? Samba or Windows ?
Rowland
More information about the samba
mailing list