[Samba] smbclient //server/netlogon -k -c 'ls' fails with "NT_STATUS_LOGON_FAILURE"

Arcadie Cracan arcadiec at gmail.com
Mon Feb 26 11:07:36 UTC 2018


Dear Rowland,

I have no firewall enabled and no apparmor installed:
 # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

I have tried the suggested options in named.conf.options, nothing changed.

I have found the following message in my 'log.samba':
GSS server Update(krb5)(1) Update failed:  Miscellaneous failure (see text): 
Failed to find LOTUS$@INTRA.DAM-APPLICATION.RO(kvno 2) in keytab FILE:/var/
lib/samba/private/secrets.keytab (aes256-cts-hmac-sha1-96)

Does it tell you anything?

I have looked in my /var/lib/samba/private/secrets.keytab and I do have that 
entry...

Kind regards,
   Arcadie Cracan

În ziua de luni, 26 februarie 2018, la 12:54:20 EET, Rowland Penny via samba a 
scris:
> On Mon, 26 Feb 2018 12:27:56 +0200
> 
> Arcadie Cracan <arcadiec at gmail.com> wrote:
> > Dear Rowland,
> > 
> > I have commented out the 'idmap config' options, nothing changed.
> > Here are my bind9 configs:
> 
> > /etc/bind/named.conf:
> Nothing wrong there
> 
> > /etc/bind/named.conf.options:
> > options {
> > 
> >         directory "/var/cache/bind";
> >         recursion yes;
> >         allow-query { goodclients; };
> >         tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> >         tkey-domain "INTRA.DAM-APPLICATION.RO";
> >         
> >         forwarders {
> >         
> >                 213.154.124.1;
> >                 193.231.252.1;
> >         
> >         };
> >         
> >         dnssec-enable yes;
> >         dnssec-validation yes;
> 
> I have this instead:
> 
>         dnssec-validation no;
>         dnssec-enable no;
>         dnssec-lookaside no;
> 
> >         auth-nxdomain no;    # conform to RFC1035
> >         listen-on-v6 { none; };
> > 
> > };
> 
> > /etc/bind/named.conf.default-zones:
> Nothing wrong there
> 
> > /var/lib/samba/private/named.conf:
> Nothing wrong there
> 
> Is Apparmor running or is a firewall running ?
> 
> Rowland







More information about the samba mailing list