[Samba] samba AD member does not renew kerberos ticket [kerberos_kinit_password BONN$@DOMAIN.DE failed: Preauthentication failed]
Noël Köthe
noel.koethe at credativ.de
Sat Aug 11 14:30:42 UTC 2018
Hello Rowland,
Am Samstag, den 11.08.2018, 14:55 +0100 schrieb Rowland Penny via
samba:
> > idmap config DOMAIN:backend = ad
> > idmap config DOMAIN:schema_mode = rfc2307
> > idmap config DOMAIN:range = 500-40000
>
> Is 'DOMAIN' a typo ? or did you not bother 'sanitising' 'BFDI' above ?
I overlooked the workgroup entry when "sanitising". sorry for
confusing.
> > idmap_ldb use:rfc2307 = Yes
>
> Why have you got a line meant for a Samba AD DC in your Unix domain
> member smb.conf ?
Then it is not intended.
> > wins server = 10.1.1.72
> > dns proxy = yes
>
> You do not need the above two lines.
Thank you for the hint.
> > Sadly I have no idea what could be the problem.
> > I did a "net ads leave" and join but then 10 hours later the problem
> > is there again.
>
> This is undoubtedly a Kerberos problem, but apart for the slight
> problems I mentioned above, there doesn't seem to be much wrong.
OK. Thank you for this verification.
> You could check the time between the Client and DC, also check that the
> clients first nameserver is the DC.
I did this an they all run NTP and the clocks are accurate.
> If it is a Samba problem then you have little or no chance of getting
> it fixed, your version of Samba is EOL as far as Samba is concerned.
> You could consider using Louis Van Belle's repo from here:
>
> http://apt.van-belle.nl/
>
> This will get you a much more recent Samba version.
Thanks again. I will upgrade the system and samba.
--
Regards
Noël Köthe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba/attachments/20180811/eca893e8/signature.sig>
More information about the samba
mailing list