[Samba] macOS 10.13.6 error joining to Samba 4.8.3
phil at philpotter.co.uk
Sat Jul 28 07:40:02 UTC 2018
On Sat, Jul 28, 2018 at 11:40:26AM +1200, Andrew Bartlett wrote:
> On Sat, 2018-07-28 at 00:10 +0100, Phillip Potter via samba wrote:
> > Dear All,
> > I have recently setup a completely new AD domain on my Linux server, running Samba 4.8.3. From the server, I can authenticate via kerberos and get users and groups through winbind etc. When I try to join a freshly installed Mac running macOS 10.13.6, I receive the error:
> > "Unable to add server. Authentication server failed to completed the requested operation. (5103)"
> > The Mac has a local IP address of 192.168.0.107, and its hostname is set to potterbook.
> > On the Mac, no log entries at all occur to indicate what this might be.
> > On the Linux machine, the only logs that seem to get written are in /var/log/samba/mit_kdc.log:
> Did you build Samba with MIT Kerberos support or use package so built?
> If not, then perhaps you have the wrong KDC started, just start Samba
> and it will handle the rest.
> If that isn't it, try re-building the AD DC without MIT Kerberos, we
> have some reports of issues in this area, and it would provide a point
> of comparison we can investigate.
> Andrew Bartlett
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Dear Andrew, thanks for your reply.
I just used the package from my distro, Fedora 28. Running an ldd and checking the package manager tells me that it is indeed built against MIT Kerberos. The KDC is already started by the samba systemd unit file, no other KDC is started erroneously.
I will build samba myself without MIT Kerberos on a fresh VM with the same dependencies as soon as I am able (likely in the next day or two) and get back to you if it works.
More information about the samba