[Samba] AD member server, some users suddenly can only connect to shares via ip address

L.P.H. van Belle belle at bazuin.nl
Thu Apr 25 13:33:26 UTC 2019


Small addition to Rowland's question.

> dig and dig -x show the expected results, as do nslookup on the windows 
And did you test this against all your DNS servers? Or just random servers?

> keytab MEMORY:cifs_srv__keytab (aes256-cts-hmac-sha1-96)]
Did you check the keytab list on the member?
klist -ket

> On 2019/04/25 13:46, Rowland Penny via samba wrote:
> > No, the key error is that dns doesn't seem to be working, if you can
> > connect via ipaddress, then you are not using kerberos.
You get the prompt because your clients are trying NTLM auth.

But the best advice I can give you: upgrade Samba and that problem is fixed.
This is an old bug.

And same: 
Fix was: written in smb.conf
    kerberos method = dedicated keytab
changing to
    kerberos method = secrets and keytab

Fix: firewall change on Windows.


