[Samba] Failed to establish your Kerberos Ticket cache due time differences with the domain controller
Rowland Penny
rpenny at samba.org
Sat Jul 21 17:59:08 UTC 2018
On Sat, 21 Jul 2018 18:30:48 +0100
Roy Eastwood via samba <samba at lists.samba.org> wrote:
> Thanks Rowland.
>
> > -----Original Message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of
> > Rowland Penny via samba
> > Sent: 21 July 2018 18:04
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] Failed to establish your Kerberos Ticket cache
> > due time differences with the domain controller
> >
> > On Sat, 21 Jul 2018 17:36:14 +0100
> > Roy Eastwood via samba <samba at lists.samba.org> wrote:
> >
> > > >
> > > > Try restarting Samba on 'debian-vb'.
> > > > If this doesn't help, try 'samba-tool dbcheck' and compare the
> > > > two DC's with 'samba-tool ldapcmp'
> > > >
> > > > Rowland
> > > >
> > >
> > > OK, have tried that but no change. I used Louis' script:
> > > samba-check-db-repl.sh which includes samba-tool ldapcmp and
> > > samba-tool drs showrepl it passes both tests.
> > >
> > > Roy
> > >
> > >
> >
> > Did you run 'samba-tool dbcheck' ? Louis's script doesn't do this.
> >
> > Was this machine provisioned quite a few versions ago ? and then
> > updated in place ?
> > 'samba-tool time' was changed at sometime (cannot just when) and a
> > python module was replaced, but 'make install' did not remove the
> > old python script. Check if you have:
> >
> > '/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/time.py'
> >
> > If you have, delete it.
> >
> > Rowland
> >
> Sorry, yes I ,meant to say, I ran samba-tool dbcheck and initially it
> threw up some errors about deleted items (I had recently demoted a DC
> after the pi-dc was joined) but these were repaired with the --fix
> option. I tried the samba-tool time commands afterwards with the
> same result. I also had to clean up all the DNS records as the
> demote command doesn't tidy things up properly.
>
> Whist this is a new domain provision with v 4.8.3, the machine has
> had versions going back to 4.7.4 compiled and installed (albeit with
> different domains). I used make uninstall on the last version of
> samba before installing 4.8.3 if that makes any difference. I
> checked for that time.py file and it's not in that folder (or
> anywhere else according to find).
>
> Roy
>
>
No, it wouldn't have been there, 4.7.4 isn't old enough.
When you built Samba, did you have all the correct packages installed,
see here:
https://wiki.samba.org/index.php/Package_Dependencies_Required_to_Build_Samba#Debian_.2F_Ubuntu
Is Apparmor installed, or a firewall ?
Rowland
More information about the samba
mailing list