[Samba] Samba4 Kerberos Authentication Error

Rowland Penny rpenny at samba.org
Wed Dec 5 17:28:52 UTC 2018 

On Wed, 5 Dec 2018 12:19:39 -0500
Marco Shmerykowsky PE <marco at sce-engineers.com> wrote:

> 
> 
> --
> 
> Marco J. Shmerykowsky, PE, F.ASCE
> marco at sce-engineers.com
> 
> -----------------------------------------
>     Shmerykowsky Consulting Engineers
>       Structural Analysis & Design
>      102 West 38th Street, 2nd Floor
>          New York, New York 10018
> Tel. (212) 719-9700 Fax. (212) 719-4822
>        http://www.sce-engineers.com
> -----------------------------------------
> 
> On 12/5/2018 12:11 PM, Rowland Penny via samba wrote:
> > On Wed, 5 Dec 2018 11:33:01 -0500
> > Marco Shmerykowsky PE via samba <samba at lists.samba.org> wrote:
> > 
> >>
> >> The Realm matches the DNS.
> >>
> >> hostname -d returns -> internal.company.com
> >>
> >> domain name is internal.company.com
> >>
> >> I can ping both internal.company.com and
> >> machine254.internal.company.com both resolve to the IP of
> >> MACHINE254
> >>
> >> I checked winbind using the commands on the following page & all
> >> returned as expected.
> >>
> >> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Testing_the_Winbindd_Connectivity
> >>
> > 
> > You have never said what OS you are using, but check /etc/krb5.conf.
> > Does it start with an 'include' line ?
> > If so remove it
> > 
> > Can you post the following files
> > 
> > /etc/hostname
> > /etc/hosts
> > etc/resolv.conf
> > /etc/krb5.conf
> > /etc/nsswitch.conf
> > 
> > Rowland
> 
> Server: Fedora 29 with Samba 4.9.2
> Client: Windows 10 version 1803 Build 17134.441
> 
> /etc/hostname:
> 
> machine254
> 
> /etc/hosts:
> 
> 127.0.0.1   localhost localhost.localdomain localhost4 
> localhost4.localdomain4
> ::1         localhost localhost.localdomain localhost6 
> localhost6.localdomain6
> 192.168.0.251   machine254.internal.company.com   machine254
> 
> /etc/resolv.conf:
> 
> # Generated by NetworkManager 
> 
> nameserver 192.168.0.251
> 
> /etc/krb5.conf:
> 
>          default_realm = INTERNAL.COMPANY.COM 
> 
>          dns_lookup_realm = false 
> 
>          dns_lookup_kdc = true
> 
> /etc/nsswitch.conf:
> 
> # Generated by authselect on Fri Jun  1 19:19:08 2018 
> 
> # Do not modify this file manually. 
> 
>  
> 
> passwd:      sss files systemd winbind 
> 
> group:       sss files systemd winbind 
> 
> netgroup:   sss files 
> 
> automount:  sss files 
> 
> services:   sss files 
> 
> sudoers:    files sss 
> 
>  
> 
> shadow:     files 
> 
> ethers:     files 
> 
> netmasks:   files 
> 
> networks:   files 
> 
> protocols:  files 
> 
> rpc:        files 
> 
> hosts:      files dns myhostname 
> 
>  
> 
> aliases:    files nisplus 
> 
> bootparams: nisplus [NOTFOUND=return] files 
> 
> publickey:  nisplus
> 
> ---
> This email has been checked for viruses by AVG.
> https://www.avg.com
> 

Are you using the OS's Samba packages ?
If so, you should be aware that they are deemed experimental and do not
fully work, they have problems and this could be another one of them.

Rowland

More information about the samba mailing list