[Samba] Winbind Craziness

L.P.H. van Belle belle at bazuin.nl
Wed Aug 1 07:43:20 UTC 2018


Hai, 

In addition to Rowland's question. 

Can you run this script and post it to the list also? 
It gives a complete overview of what you're running. 
It's basically what Rowland asked, but with a few extra things. 

https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh 

And the output of: 
kinit Administrator
klist 
klist -ket /var/lib/samba/private/secrets.keytab


Greetz, 

Louis



> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of 
> Rowland Penny via samba
> Sent: Wednesday, 1 August 2018 9:10
> To: samba at lists.samba.org
> Subject: Re: [Samba] Winbind Craziness
> 
> On Tue, 31 Jul 2018 21:48:29 +0000 (UTC)
> ray klassen <julius_ahenobarbus at yahoo.co.uk> wrote:
> 
> >  So I'm going to ramble a bit because I need help desperately and I'm
> > slogging away on my own, but something I say might give someone an
> > idea. This whole thing seems to revolve around Kerberos kvno's and
> > machine password changes. A couple of days after violently recreating
> > the server, people start to not be able to connect. Today's debugging
> > turned up a mismatch between the kvno supplied by the keytab and the
> > one apparently required by smbd or winbindd or both. At present I've
> > opted for 
> > 
> > machine password timeout = 0
> > 
> > in smb.conf and 
> > 
> > @weekly /usr/bin/net ads changetrustpw ; /usr/bin/net ads keytab create -P
> > 
> > in root's crontab. Hopefully this will make a difference...
> > 
> >     On Tuesday, 31 July 2018, 10:31:23 GMT-7, ray klassen via samba
> > <samba at lists.samba.org> wrote: 
> >   Failed to find cifs/madmain at LAND.SUPERORG.COM(kvno 5) in keytab
> > MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
> > 
> > So far nothing works forever. 
> > The above error happens when the PCs are unable to connect to shares.
> > net leave/join fixes the problem temporarily.
> > 
> > 
> > seems to relate to 
> > 
> > [Samba] Failed to find cifs/foo.bar in keytab MEMORY:cifs_srv_keytab
> > (arcfour-hmac-md5)]
> > 
> >     On Monday, 30 July 2018, 10:07:16 GMT-7, ray klassen via samba
> > <samba at lists.samba.org> wrote: 
> >  
> > Thanks for your response. 
> > Obviously lmhosts is not part of the equation anymore. 
> > But I copied/pasted from something that worked to something that
> > didn't (I thought of clarifying this in a following email but didn't).
> > If there is no /etc/lmhosts I'm sure nothing will suffer for having
> > that parameter. DNS has been examined and re-examined. All the tests
> > described in the wiki have been performed and results are exactly
> > what is expected. Still trying to shoot this down. It's elusive. I
> > have Windows clients who connect to shares and are presented with a
> > username password dialogue. Tentatively, it appears that simply
> > running winbind -tP solves the problem for them. So as a test I have
> > an hourly cron job that runs that on the server.
> > 
> >     On Saturday, 28 July 2018, 01:29:06 GMT-7, Rowland Penny via
> > samba <samba at lists.samba.org> wrote: 
> >  On Fri, 27 Jul 2018 21:25:04 +0000 (UTC)
> > ray klassen via samba <samba at lists.samba.org> wrote:
> > 
> > >  So I had some time to follow this bunny trail and found that even
> > > though all the other servers had no problems this one continued
> > > to. Every so often a new computer couldn't connect and then it would
> > > be all better after a net leave/net join. Net join would not work
> > > without -S <MyDC> in the command line. What I found out was that most
> > > net rpc commands such as net rpc testjoin would also fail without -S
> > > <MyDC> in the command line, whereas they would work fine for any other
> > > box. I also noticed that a tdbtool dump of secrets.tdb was pretty
> > > nearly empty whereas other servers had lots of info. The difference
> > > was in the smb.conf line "name resolve order" 
> > > 
> > > earlier I had taken the advice (the more fool me, I guess) of the
> > > man page which recommends 
> > > 
> > > "name resolve order = wins bcast" in an AD environment.
> > > when I changed it back to 
> > > 
> > > "name resolve order = lmhosts wins host bcast"
> > > 
> > 
> > I think you should look at your dns ;-)
> > 
> > I doubt whether you have an lmhosts file on the Samba server, so if you
> > remove that, the line becomes 'wins host bcast' and the only
> > difference between that and what you had, is 'host'.
> > 
> > Rowland
> >  
> > 
> 
> I have reviewed this thread and we have received very little info to
> work with. Yes, it is Samba 4.5.12 running on Debian stretch, but how
> is it running?
> 
> Can you post the following files:
> 
> /etc/hostname
> /etc/hosts
> /etc/resolv.conf
> /etc/krb5.conf
> smb.conf
> 
> Also what is the DC? Samba or Windows?
> 
> Rowland
>  
> 
> 
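
Added example (not part of the original thread and not Samba's own tooling): a small Python check that compares the kvno named in a "Failed to find ... (kvno N) in keytab" log error with the kvnos listed by klist -ket, which is the mismatch discussed in the quoted messages. The keytab listing and log line are constructed samples, and the MIT klist column layout is an assumption.

```python
import re

# Constructed sample: `klist -ket` output, MIT Kerberos column layout assumed.
SAMPLE_KLIST = """\
Keytab name: FILE:/var/lib/samba/private/secrets.keytab
KVNO Timestamp           Principal
---- ------------------- --------------------------------------------
   4 07/29/2018 10:02:11 cifs/madmain@LAND.SUPERORG.COM (arcfour-hmac)
   4 07/29/2018 10:02:11 host/madmain@LAND.SUPERORG.COM (arcfour-hmac)
"""
# Constructed log line modelled on the error quoted in the thread ("@" restored).
SAMPLE_LOG = ("Failed to find cifs/madmain@LAND.SUPERORG.COM(kvno 5) in keytab "
              "MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]")

MISSING = re.compile(r"Failed to find (\S+?)\(kvno (\d+)\) in keytab")


def keytab_kvnos(klist_text):
    """Map principal -> set of kvnos listed in `klist -ket` output."""
    kvnos = {}
    for line in klist_text.splitlines():
        tokens = line.split()
        if not tokens or not tokens[0].isdigit():
            continue  # keytab name, column header, separator or blank line
        principal = next((t for t in tokens[1:] if "@" in t), None)
        if principal:
            kvnos.setdefault(principal, set()).add(int(tokens[0]))
    return kvnos


def compare(log_text, klist_text):
    """Return (principal, wanted_kvno, keytab_kvnos, verdict) per logged failure."""
    have = keytab_kvnos(klist_text)
    results = []
    for principal, wanted in MISSING.findall(log_text):
        wanted = int(wanted)
        present = sorted(have.get(principal, ()))
        if not present:
            verdict = "principal not in keytab"
        elif wanted in present:
            verdict = "kvno present (check enctype instead)"
        elif wanted > present[-1]:
            verdict = "keytab behind: password changed after keytab was written"
        else:
            verdict = "keytab ahead: ticket was issued with an older key"
        results.append((principal, wanted, present, verdict))
    return results


if __name__ == "__main__":
    for row in compare(SAMPLE_LOG, SAMPLE_KLIST):
        print(row)
```
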



