[Samba] unable to mount nfs4v over krb5 after samba upgrade.

Rowland Penny rpenny at samba.org
Mon Dec 17 10:02:55 UTC 2018

On Mon, 17 Dec 2018 13:22:49 +0530
VigneshDhanraj G <vigneshdhanraj.g at gmail.com> wrote:

> Hi Rowland,
> Still issue persists, i have removed passdb backend option from my smb
> config. i haven't found any passdb.tdb file in private folder. i only
> see smbpasswd file. whether passwd.tdb file will create automatically?
> I have created one more setup with samba 4.7 installed to check there
> is issue in my environment, everything works fine there.
> Whats the change causing this problem, i guess definitely samba
> upgrade causing issue, not my environment.
> Please help me out.

Certainly, which way did you come in ? ;-)

I take it you now have a smb.conf that looks similar to this:

 Workgroup= VIKY
 netbios name= viky
 realm= VIKY.LOCAL
 security= ADS

 idmap config *: backend= tdb
 idmap config *: range= 10000000-19999999
 idmap config VIKY: backend= rid
 idmap config VIKY: range = 5000-9999999

 dns proxy= no
 template shell= /bin/sh
 dedicated keytab file = /etc/krb5.keytab
 kerberos method= secrets and keytab

 map to guest= Bad User
 printcap name= lpstat
 max smbd processes= 500
 syslog= 0
 use sendfile= yes
 max log size= 50
 state directory= /mnt/system/samba/system
 ntlm auth= Yes
 winbind expand groups= 1
 winbind refresh tickets = Yes

 vfs objects = acl_xattr
 map acl inherit = Yes

I can see one potential problem, your workgroup name is the same as
your netbios name, You will have two domains (not counting the '*'
domain), a local domain and an active directory domain, they cannot
have the same name. For an example, if I run 'net getdomainsid' on a
Unix domain member, I get this:

rowland at devstation:~$ sudo net getdomainsid
SID for local machine DEVSTATION is: S-1-5-21-1108792384-1865707183-3144552696
SID for domain SAMDOM is: S-1-5-21-1768301897-3342589593-1064908849

What is your actual AD domain name ?
If it is 'VIKY', I would leave the AD domain, rename your client and
then join again.


More information about the samba mailing list