[Samba] Samba 4.3.13 logon oddity on Solaris 10

Bernd Markgraf bernd.markgraf at med.ovgu.de
Mon Jul 2 13:26:02 UTC 2018

On Mon, 2018-07-02 at 11:55 +0100, Rowland Penny via samba wrote:
> > > kerberos method = system keytab # you shouldn't really have this.
> > 
> > Removed too. What's wrong with that line? My understanding was that
> > it tells samba to use the system's global keytab. I don't see much
> > harm in that?
> Because you should be using the default 'secrets.tdb', your setting
> had turned this off. You only need a separate keytab if there is
> something that needs it and, if so, you should use 'kerberos method =
> secrets and keytab'
Like the system's kerberos ;-) Changed that accordingly now

> > So now that I have a valid smb.conf - the initial problem persists.
> > How do I proceed to resolve this issue?
> Is there a firewall or similar getting in the way ?
No. Same subnet, no filtering.

> Is the output of 'net ads testjoin' 'Join is OK' ?
root.niihau /opt/samba4/var/log # net ads testjoin
Join is OK
root.niihau /opt/samba4/var/log # wbinfo -P
checking the NETLOGON for domain[MD-DZNE] dc connection to "md-svr-001-bsd.magdeburg.dzne.ds" succeeded
root.niihau /opt/samba4/var/log # wbinfo --own-domain   
root.niihau /opt/samba4/var/log # wbinfo --online-status 
BUILTIN : online
NIIHAU : online
MD-DZNE : online

And trying to map SID to UID fails just like the other tests.

root.niihau /opt/samba4/var/log # wbinfo -n markgrafb
S-1-5-21-823329394-1231227920-234269439-1202 SID_USER (1)
root.niihau /opt/samba4/var/log # wbinfo -S S-1-5-21-823329394-1231227920-234269439-1202

Still connecting to a share only works at the second attempt and wbinfo
and winbind as system logon fails consistently.


More information about the samba mailing list