[Samba] macOS 10.13.6 error joining to Samba 4.8.3

Phillip Potter phil at philpotter.co.uk
Fri Jul 27 23:10:33 UTC 2018


Dear All,

I have recently setup a completely new AD domain on my Linux server, running Samba 4.8.3. From the server, I can authenticate via kerberos and get users and groups through winbind etc. When I try to join a freshly installed Mac running macOS 10.13.6, I receive the error:
"Unable to add server. Authentication server failed to completed the requested operation. (5103)"

The Mac has a local IP address of 192.168.0.107, and its hostname is set to potterbook.

On the Mac, no log entries at all occur to indicate what this might be.

On the Linux machine, the only logs that seem to get written are in /var/log/samba/mit_kdc.log:
"Jul 27 23:53:09 pathfinder krb5kdc[6597](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.0.107: NEEDED_PREAUTH: Administrator at POTTERNET.LAN for krbtgt/POTTERNET.LAN at POTTERNET.LAN, Additional pre-authentication required
Jul 27 23:53:09 pathfinder krb5kdc[6597](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.0.107: ISSUE: authtime 1532731989, etypes {rep=18 tkt=18 ses=18}, Administrator at POTTERNET.LAN for krbtgt/POTTERNET.LAN at POTTERNET.LAN
Jul 27 23:53:09 pathfinder krb5kdc[6597](info): TGS_REQ (4 etypes {18 17 16 23}) 192.168.0.107: ISSUE: authtime 1532731989, etypes {rep=18 tkt=18 ses=18}, Administrator at POTTERNET.LAN for ldap/pathfinder.potternet.lan at POTTERNET.LAN
Jul 27 23:53:09 pathfinder krb5kdc[6597](info): closing down fd 20
Jul 27 23:53:09 pathfinder krb5kdc[6597](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.0.107: NEEDED_PREAUTH: Administrator at POTTERNET.LAN for krbtgt/POTTERNET.LAN at POTTERNET.LAN, Additional pre-authentication required
Jul 27 23:53:09 pathfinder krb5kdc[6597](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.0.107: ISSUE: authtime 1532731989, etypes {rep=18 tkt=18 ses=18}, Administrator at POTTERNET.LAN for krbtgt/POTTERNET.LAN at POTTERNET.LAN
Jul 27 23:53:09 pathfinder krb5kdc[6597](info): TGS_REQ (4 etypes {18 17 16 23}) 192.168.0.107: ISSUE: authtime 1532731989, etypes {rep=18 tkt=18 ses=18}, Administrator at POTTERNET.LAN for ldap/pathfinder.potternet.lan at POTTERNET.LAN
Jul 27 23:53:09 pathfinder krb5kdc[6597](info): closing down fd 20
Jul 27 23:53:10 pathfinder krb5kdc[6597](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.0.107: NEEDED_PREAUTH: Administrator at POTTERNET.LAN for krbtgt/POTTERNET.LAN at POTTERNET.LAN, Additional pre-authentication required
Jul 27 23:53:10 pathfinder krb5kdc[6597](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.0.107: ISSUE: authtime 1532731990, etypes {rep=18 tkt=18 ses=18}, Administrator at POTTERNET.LAN for krbtgt/POTTERNET.LAN at POTTERNET.LAN
Jul 27 23:53:10 pathfinder krb5kdc[6597](info): TGS_REQ (4 etypes {18 17 16 23}) 192.168.0.107: ISSUE: authtime 1532731990, etypes {rep=18 tkt=18 ses=18}, Administrator at POTTERNET.LAN for ldap/pathfinder.potternet.lan at POTTERNET.LAN
Jul 27 23:53:10 pathfinder krb5kdc[6597](info): closing down fd 20
Jul 27 23:53:10 pathfinder krb5kdc[6597](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.0.107: NEEDED_PREAUTH: Administrator at POTTERNET.LAN for krbtgt/POTTERNET.LAN at POTTERNET.LAN, Additional pre-authentication required
Jul 27 23:53:10 pathfinder krb5kdc[6597](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.0.107: ISSUE: authtime 1532731990, etypes {rep=18 tkt=18 ses=18}, Administrator at POTTERNET.LAN for krbtgt/POTTERNET.LAN at POTTERNET.LAN
Jul 27 23:53:10 pathfinder krb5kdc[6597](info): TGS_REQ (4 etypes {18 17 16 23}) 192.168.0.107: ISSUE: authtime 1532731990, etypes {rep=18 tkt=18 ses=18}, Administrator at POTTERNET.LAN for ldap/pathfinder.potternet.lan at POTTERNET.LAN
Jul 27 23:53:10 pathfinder krb5kdc[6597](info): closing down fd 20
Jul 27 23:53:11 pathfinder krb5kdc[6597](info): TGS_REQ (4 etypes {18 17 16 23}) 192.168.0.107: ISSUE: authtime 1532731990, etypes {rep=18 tkt=18 ses=18}, Administrator at POTTERNET.LAN for kadmin/changepw at POTTERNET.LAN
Jul 27 23:53:11 pathfinder krb5kdc[6597](info): closing down fd 20"

I would most appreciate any guidance on where I'm going wrong, I really need this to work. Happy to provide more detail if needed. Many thanks.

Regards,
Phil Potter



More information about the samba mailing list