[Samba] Failed to establish your Kerberos Ticket cache due time differences with the domain controller
Rowland Penny
rpenny at samba.org
Sat Jul 21 16:22:21 UTC 2018
On Sat, 21 Jul 2018 17:09:12 +0100
Roy Eastwood via samba <samba at lists.samba.org> wrote:
> >
> > Strange, you say the time is okay, but the error says it isn't.
> >
> > Try this, open a terminal on both DC's, run 'date' and 'samba-tool
> > time' on both. The results should be virtually the same.
> >
> > e.g.
> > root at dc4:~# samba-tool time
> > Sat Jul 21 16:47:43 2018 BST
> > root at dc4:~# date
> > Sat 21 Jul 16:47:46 BST 2018
> >
> > Rowland
> >
> Interesting...
>
> On the pi-dc (the one with the error) I get the following:
> As root:
> root at pi-dc:~# samba-tool time
> Sat Jul 21 16:55:20 2018 BST
> root at pi-dc:~# date
> Sat 21 Jul 16:55:22 BST 2018
> root at pi-dc:~#
>
> OK, that's good.
>
> As roy: (AD user)
> MICROLYNX\roy at pi-dc:~ $ samba-tool time
> ldb: Unable to open tdb '/usr/local/samba/private/secrets.ldb':
> Permission denied ldb: Failed to connect to
> '/usr/local/samba/private/secrets.ldb' with backend 'tdb': Unable to
> open tdb '/usr/local/samba/private/secrets.ldb': Permission denied
> Could not find machine account in secrets database: Failed to fetch
> machine account password from secrets.ldb: Could not open secrets.ldb
> and failed to open /usr/local/samba/private/secrets.tdb:
> NT_STATUS_CANT_ACCESS_DOMAIN_INFO Sat Jul 21 16:56:00 2018 BST
> MICROLYNX\roy at pi-dc:~ $ date Sat 21 Jul 16:56:10 BST 2018
>
> Maybe expected as roy doesn't have access to the 'private' folder?
>
> On debian-vb, I get the following:
> As roy:
> MICROLYNX\roy at debian-vb:~$ samba-tool time
> ldb: Unable to open tdb '/usr/local/samba/private/secrets.ldb':
> Permission denied ldb: Failed to connect to
> '/usr/local/samba/private/secrets.ldb' with backend 'tdb': Unable to
> open tdb '/usr/local/samba/private/secrets.ldb': Permission denied
> Could not find machine account in secrets database: Failed to fetch
> machine account password from secrets.ldb: Could not open secrets.ldb
> and failed to open /usr/local/samba/private/secrets.tdb:
> NT_STATUS_CANT_ACCESS_DOMAIN_INFO ERROR(runtime): uncaught exception
> - (-1073741823, "Connection to SRVSVC pipe of server
> 'debian-vb.microlynx.org' failed: NT_STATUS_UNSUCCESSFUL") File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 176, in _run return self.run(*args, **kwargs) File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/nettime.py",
> line 59, in run self.outf.write(net.time(server_name)+"\n")
> MICROLYNX\roy at debian-vb:~$ date Sat 21 Jul 16:56:58 BST 2018
>
> As root:
> root at debian-vb:~# samba-tool time
> ERROR(runtime): uncaught exception - (-1073741823, "Connection to
> SRVSVC pipe of server 'debian-vb.microlynx.org' failed:
> NT_STATUS_UNSUCCESSFUL") File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 176, in _run return self.run(*args, **kwargs) File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/nettime.py",
> line 59, in run self.outf.write(net.time(server_name)+"\n")
> root at debian-vb:~# date Sat 21 Jul 17:01:21 BST 2018
>
> So it would seem there's something amiss with the original dc
> (debian-vb)!
>
> Roy
>
>
Try restarting Samba on 'debian-vb'.
If this doesn't help, try 'samba-tool dbcheck' and compare the two DC's
with 'samba-tool ldapcmp'
Rowland
More information about the samba
mailing list