[Samba] Samba4 Kerberos Authentication Error

Marco Shmerykowsky PE marco at sce-engineers.com
Wed Dec 5 18:00:38 UTC 2018 

On 12/5/2018 12:28 PM, Rowland Penny via samba wrote:
> On Wed, 5 Dec 2018 12:19:39 -0500
> Marco Shmerykowsky PE <marco at sce-engineers.com> wrote:
> 
>>
>>
>> --
>>
>> Marco J. Shmerykowsky, PE, F.ASCE
>> marco at sce-engineers.com
>>
>> -----------------------------------------
>>      Shmerykowsky Consulting Engineers
>>        Structural Analysis & Design
>>       102 West 38th Street, 2nd Floor
>>           New York, New York 10018
>> Tel. (212) 719-9700 Fax. (212) 719-4822
>>         http://www.sce-engineers.com
>> -----------------------------------------
>>
>> On 12/5/2018 12:11 PM, Rowland Penny via samba wrote:
>>> On Wed, 5 Dec 2018 11:33:01 -0500
>>> Marco Shmerykowsky PE via samba <samba at lists.samba.org> wrote:
>>>
>>>>
>>>> The Realm matches the DNS.
>>>>
>>>> hostname -d returns -> internal.company.com
>>>>
>>>> domain name is internal.company.com
>>>>
>>>> I can ping both internal.company.com and
>>>> machine254.internal.company.com both resolve to the IP of
>>>> MACHINE254
>>>>
>>>> I checked winbind using the commands on the following page & all
>>>> returned as expected.
>>>>
>>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Testing_the_Winbindd_Connectivity
>>>>
>>>
>>> You have never said what OS you are using, but check /etc/krb5.conf.
>>> Does it start with an 'include' line ?
>>> If so remove it
>>>
>>> Can you post the following files
>>>
>>> /etc/hostname
>>> /etc/hosts
>>> etc/resolv.conf
>>> /etc/krb5.conf
>>> /etc/nsswitch.conf
>>>
>>> Rowland
>>
>> Server: Fedora 29 with Samba 4.9.2
>> Client: Windows 10 version 1803 Build 17134.441
>>
>> /etc/hostname:
>>
>> machine254
>>
>> /etc/hosts:
>>
>> 127.0.0.1   localhost localhost.localdomain localhost4
>> localhost4.localdomain4
>> ::1         localhost localhost.localdomain localhost6
>> localhost6.localdomain6
>> 192.168.0.251   machine254.internal.company.com   machine254
>>
>> /etc/resolv.conf:
>>
>> # Generated by NetworkManager
>>
>> nameserver 192.168.0.251
>>
>> /etc/krb5.conf:
>>
>>           default_realm = INTERNAL.COMPANY.COM
>>
>>           dns_lookup_realm = false
>>
>>           dns_lookup_kdc = true
>>
>> /etc/nsswitch.conf:
>>
>> # Generated by authselect on Fri Jun  1 19:19:08 2018
>>
>> # Do not modify this file manually.
>>
>>   
>>
>> passwd:      sss files systemd winbind
>>
>> group:       sss files systemd winbind
>>
>> netgroup:   sss files
>>
>> automount:  sss files
>>
>> services:   sss files
>>
>> sudoers:    files sss
>>
>>   
>>
>> shadow:     files
>>
>> ethers:     files
>>
>> netmasks:   files
>>
>> networks:   files
>>
>> protocols:  files
>>
>> rpc:        files
>>
>> hosts:      files dns myhostname
>>
>>   
>>
>> aliases:    files nisplus
>>
>> bootparams: nisplus [NOTFOUND=return] files
>>
>> publickey:  nisplus
>>
>> ---
>> This email has been checked for viruses by AVG.
>> https://www.avg.com
>>
> 
> Are you using the OS's Samba packages ?
> If so, you should be aware that they are deemed experimental and do not
> fully work, they have problems and this could be another one of them.
> 
> Rowland
> 

I was not aware of that.  Suggestions?

More information about the samba mailing list