[Samba] Samba4 Kerberos Authentication Error

Rowland Penny rpenny at samba.org
Wed Dec 5 20:10:16 UTC 2018


On Wed, 5 Dec 2018 14:52:37 -0500
Marco Shmerykowsky PE via samba <samba at lists.samba.org> wrote:

> 
> On 12/5/2018 1:27 PM, Rowland Penny via samba wrote:
> > On Wed, 5 Dec 2018 13:00:38 -0500
> > Marco Shmerykowsky PE via samba <samba at lists.samba.org> wrote:
> > 
> >>> Are you using the OS's Samba packages ?
> >>> If so, you should be aware that they are deemed experimental and
> >>> do not fully work, they have problems and this could be another
> >>> one of them.
> >>>
> >>> Rowland
> >>>
> >>
> >> I was not aware of that.  Suggestions?
> >>
> > 
> > Note that your problem could be down to the OS Samba packages that
> > use MIT instead of Heimdal, then again it might not be. Having said
> > that, because the OS Samba packages are deemed experimental, I
> > wouldn't use them in production, there are several things that just
> > do not work as expected.
> > 
> > You options are a bit limited, find Samba packages for your OS that
> > use Heimdal (Sernet ?), compile Samba yourself or use another OS
> > (which will probably be from the Debian family).
> > 
> > Rowland
> >   
> 
> That sucks.  I'm assuming Centos has the same problems?

No, Centos has an even bigger problem. As you are probably aware,
Centos is rebuilt from RHEL, Red-Hat has announced that there will
never be a Samba AD DC on RHEL, this means there will never be a Samba
AD DC on Centos, well not using OS packages anyway.
 
> 
> Does this essentially mean that I need to move all my servers
> (which are NT4 domains) over to a new distribution prior to
> implementing an Active Directory structure on Samaba?

Unless you can find Samba RPMs that will provision as a DC, or are
willing to compile it yourself, then yes, it does look like you will
have to change OS.

> 
> What is the best distribution to use for a small office?

I use Devuan, which is Debian without systemd, or there is Ubuntu,
18.04 is an LTS. If you use any of these, they all can be provisioned
as a DC and if you want/need up to date Samba versions, these are
available from here: http://apt.van-belle.nl/

Rowland







More information about the samba mailing list