[Samba] Login to AD Member Fail

Rowland Penny rpenny at samba.org
Wed Jun 27 13:43:46 UTC 2018


On Wed, 27 Jun 2018 15:27:43 +0200
basti via samba <samba at lists.samba.org> wrote:

> On 27.06.2018 15:17, Rowland Penny via samba wrote:
> 
> > What is in /etc/krb5.conf ?
> > 
> > Rowland
> > 
> I think there is a Problem with krb5.conf
> 
> Fileserver1
> 
> root at srv-031:~# cat /etc/krb5.conf
> [libdefaults]
>     default_realm = DOM.EXAMPLE.COM
>     dns_lookup_realm = false
>     dns_lookup_kdc = true

That is the default Samba krb5.conf

> 
> 
> Fileserver with login Error
> 
> 
> root at srv-007:/var/log/samba# cat /etc/krb5.conf
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
> 
> [libdefaults]
>     default_realm = DOM.EXAMPLE.COM
>     dns_lookup_realm = false
>     dns_lookup_kdc = true
>     ticket_lifetime = 24h
>     forwardable = yes
> 
> [realms]
>  DOM.EXAMPLE.COM = {
>   kdc = dc1.dom.example.com:88
>   admin_server = dc1.dom.example.com:749
>   default_domain = example.com
>  }
> 
> [domain_realm]
>  .EXAMPLE.COM = EXAMPLE.COM
>  EXAMPLE.COM = EXAMPLE.COM

And that is the default OS krb5.conf.
It should work though, it contains the same info as the Samba one.
You could try changing it to match the working fileserver.
I would also compare the dns files (/etc/hosts, /etc/resolv.conf and
the global portion of smb.conf) to see if there is any differences.

Rowland
 




More information about the samba mailing list