[Samba] Winbind Craziness

ray klassen julius_ahenobarbus at yahoo.co.uk
Tue Jul 31 21:48:29 UTC 2018


So I'm going to ramble a bit because I need help desperately and I'm slogging away on my own, but something I say might give someone an idea.
This whole thing seems to revolve around Kerberos kvnos and machine password changes. A couple of days after violently recreating the server, people start to not be able to connect. Today's debugging turned up a mismatch between the kvno supplied by the keytab and the one apparently required by smbd or winbindd or both.
At present I've opted for

machine password timeout = 0 in smb.conf
and

@weekly /usr/bin/net ads changetrustpw ; /usr/bin/net ads keytab create -P
in root's crontab.
Hopefully this will make a difference...

    On Tuesday, 31 July 2018, 10:31:23 GMT-7, ray klassen via samba <samba at lists.samba.org> wrote:  
 
  Failed to find cifs/madmain at LAND.SUPERORG.COM(kvno 5) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]

So far nothing works forever.
The above error happens when the PCs are unable to connect to shares. net leave/join fixes the problem temporarily.

Seems to relate to

[Samba] Failed to find cifs/foo.bar in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]

    On Monday, 30 July 2018, 10:07:16 GMT-7, ray klassen via samba <samba at lists.samba.org> wrote:  
 
 
Thanks for your response.
Obviously lmhosts is not part of the equation anymore.
But I copied/pasted from something that worked to something that didn't (I thought of clarifying this in a following email but didn't).
If there is no /etc/lmhosts I'm sure nothing will suffer for having that parameter.
DNS has been examined and re-examined.
All the tests described in the wiki have been performed and results are exactly what is expected.
Still trying to shoot this down. It's elusive. I have Windows clients who connect to shares and are presented with a username/password dialogue. Tentatively, it appears that simply running winbind -tP solves the problem for them. So as a test I have an hourly cron job that runs that on the server.

    On Saturday, 28 July 2018, 01:29:06 GMT-7, Rowland Penny via samba <samba at lists.samba.org> wrote:  
 
 On Fri, 27 Jul 2018 21:25:04 +0000 (UTC)
ray klassen via samba <samba at lists.samba.org> wrote:

> So I had some time to follow this bunny trail and found that even
> though all the other servers had no problems this one continued
> to. Every so often a new computer couldn't connect and then it would
> be all better after a net leave/net join. Net join would not work
> without -S <MyDC> in the command line. What I found out was that most
> net rpc commands such as net rpc testjoin would also fail without -S
> <MyDC> in the command line, whereas they would work fine for any other
> box. I also noticed that a tdbtool dump of secrets.tdb was pretty
> nearly empty whereas other servers had lots of info. The difference
> was in the smb.conf line "name resolve order"
> 
> earlier I had taken the advice (the more fool me, I guess) of the man
> page which recommends
> 
> "name resolve order = wins bcast" in an AD environment.
> when I changed it back to 
> 
> "name resolve order = lmhosts wins host bcast"
> 

I think you should look at your dns ;-)

I doubt whether you have a lmhosts file on the Samba server, so if you
remove that, the line becomes 'wins host bcast' and the only
difference between that and what you had, is 'host'.

Rowland
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
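
Added example, not part of the original thread: a small Python check for the kvno mismatch discussed above. It compares the kvno named in smbd's "Failed to find ... (kvno N) in keytab" errors with the kvnos listed by `klist -k`. The sample log and keytab listing are constructed, the function names are hypothetical, and the MIT `klist -k` column layout (no `-t` timestamps) is an assumption.

```python
import re

# Constructed sample data (hostnames and realm are placeholders).
SAMPLE_LOG = """\
Failed to find cifs/fs1@EXAMPLE.TEST(kvno 5) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
Failed to find cifs/fs1@EXAMPLE.TEST(kvno 5) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
"""
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------------------------
   3 cifs/fs1@EXAMPLE.TEST
   4 cifs/fs1@EXAMPLE.TEST
   4 host/fs1@EXAMPLE.TEST
"""

# The list archive rewrites "@" as " at ", so accept both spellings.
ERR_RE = re.compile(
    r"Failed to find (?P<princ>\S+(?:@| at )[^\s(]+)\(kvno (?P<kvno>\d+)\) in keytab")
ROW_RE = re.compile(r"^\s*(?P<kvno>\d+)\s+(?P<princ>\S+)")

def requested_kvnos(log_text):
    """Map principal -> set of kvnos that clients presented tickets for."""
    wanted = {}
    for m in ERR_RE.finditer(log_text):
        princ = m.group("princ").replace(" at ", "@")
        wanted.setdefault(princ, set()).add(int(m.group("kvno")))
    return wanted

def keytab_kvnos(klist_text):
    """Map principal -> set of kvnos present in a `klist -k` listing."""
    have = {}
    for line in klist_text.splitlines():
        m = ROW_RE.match(line)  # header and separator rows do not match
        if m:
            have.setdefault(m.group("princ"), set()).add(int(m.group("kvno")))
    return have

def kvno_mismatches(log_text, klist_text):
    """Return (principal, requested kvno, kvnos in keytab) for each miss."""
    have = keytab_kvnos(klist_text)
    out = []
    for princ, kvnos in sorted(requested_kvnos(log_text).items()):
        present = have.get(princ, set())
        out.extend((princ, k, sorted(present)) for k in sorted(kvnos - present))
    return out

if __name__ == "__main__":
    for princ, want, present in kvno_mismatches(SAMPLE_LOG, SAMPLE_KLIST):
        print(f"{princ}: ticket uses kvno {want}, keytab has {present}")
```

A requested kvno higher than anything in the keytab means the machine password changed in AD after the keytab was last written.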
  