[Samba] Login to AD Member Fail
basti
mailinglist at unix-solution.de
Wed Jun 27 11:04:12 UTC 2018
Hello,
when I try to login to AD member via IP-Address from Windows Client it
works.
Login to AD Member from Windows Client via DNS Name fail.
Windows Errorcode: 0x80070035
Dc1: Samba 4.5.12+dfsg-2+deb9u2
AD Member: Samba 4.5.12+dfsg-2+deb9u2
winbindd.log (AD Member)
[2018/06/27 12:49:58.787087, 1]
../source3/winbindd/winbindd_pam.c:2567(winbindd_pam_auth_pac_send)
Error during PAC signature verification: NT_STATUS_UNSUCCESSFUL
[2018/06/27 12:50:17.766117, 1]
../source3/winbindd/winbindd_pam.c:2502(extract_pac_vrfy_sigs)
Failed to initialize kerberos context: Invalid argument
win-client.log (AD Member)
[2018/06/27 12:49:13.354207, 1]
../source3/printing/printer_list.c:234(printer_list_get_last_refresh)
Failed to fetch record!
[2018/06/27 12:49:13.354282, 1]
../source3/smbd/server_reload.c:69(delete_and_reload_printers)
pcap cache not loaded
smb.conf (AD Member)
security = ADS
workgroup = DOM
realm = DOM.EXAMPLE.COM
bind interfaces only = yes
interfaces = lo eth0
log file = /var/log/samba/%m.log
log level = 1
idmap config * : backend = tdb
idmap config * : range = 1000-1005
# idmap config for the DOM domain
idmap config KES:backend = ad
idmap config KES:schema_mode = rfc2307
idmap config KES:range = 1006-999999
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/users/%U
template shell = /bin/bash
winbind use default domain = yes
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
Login via smbclient works also.
Whats wrong?
Best Regards,
More information about the samba
mailing list