[Samba] smbclient //server/netlogon -k -c 'ls' fails with "NT_STATUS_LOGON_FAILURE"
Arcadie Cracan
arcadiec at gmail.com
Mon Feb 26 11:07:36 UTC 2018
Dear Rowland,
I have no firewall enabled and no apparmor installed:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I have tried the suggested options in named.conf.options, nothing changed.
I have found the following message in my 'log.samba':
GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text):
Failed to find LOTUS$@INTRA.DAM-APPLICATION.RO(kvno 2) in keytab FILE:/var/
lib/samba/private/secrets.keytab (aes256-cts-hmac-sha1-96)
Does it tell you anything?
I have looked in my /var/lib/samba/private/secrets.keytab and I do have that
entry...
Kind regards,
Arcadie Cracan
În ziua de luni, 26 februarie 2018, la 12:54:20 EET, Rowland Penny via samba a
scris:
> On Mon, 26 Feb 2018 12:27:56 +0200
>
> Arcadie Cracan <arcadiec at gmail.com> wrote:
> > Dear Rowland,
> >
> > I have commented out the 'idmap config' options, nothing changed.
> > Here are my bind9 configs:
>
> > /etc/bind/named.conf:
> Nothing wrong there
>
> > /etc/bind/named.conf.options:
> > options {
> >
> > directory "/var/cache/bind";
> > recursion yes;
> > allow-query { goodclients; };
> > tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> > tkey-domain "INTRA.DAM-APPLICATION.RO";
> >
> > forwarders {
> >
> > 213.154.124.1;
> > 193.231.252.1;
> >
> > };
> >
> > dnssec-enable yes;
> > dnssec-validation yes;
>
> I have this instead:
>
> dnssec-validation no;
> dnssec-enable no;
> dnssec-lookaside no;
>
> > auth-nxdomain no; # conform to RFC1035
> > listen-on-v6 { none; };
> >
> > };
>
> > /etc/bind/named.conf.default-zones:
> Nothing wrong there
>
> > /var/lib/samba/private/named.conf:
> Nothing wrong there
>
> Is Apparmor running or is a firewall running ?
>
> Rowland
More information about the samba
mailing list