[Samba] AD member server, some users suddenly can only connect to shares via ip address
L.P.H. van Belle
belle at bazuin.nl
Thu Apr 25 13:33:26 UTC 2019
Hai,
Small addition to Rowland question.
> dig and dig -x show the expected results, as do nslookup on the windows
And you did test this again all you dns server? Or just random servers?
> keytab MEMORY:cifs_srv__keytab (aes256-cts-hmac-sha1-96)]
Did you check for the keytab list in on the member?
klist -ket
> On 2019/04/25 13:46, Rowland Penny via samba wrote:
> > No, the key error is that dns doesn't seem to be working, if you can
> > connect via ipaddress, then you are not using kerberos.
You get the prompt because you clients are trying NTLM auth..
But best advice i can give you, upgrade samba and that probem is fixed.
This is an old bug..
And same:
https://lists.samba.org/archive/samba/2015-July/193009.html
Fix was : written in smb.conf
kerberos method = dedicated keytab
changing to
kerberos method = secrets and keytab
https://lists.samba.org/archive/samba/2017-January/206132.html
Fix : firewall change on windows.
Greetz,
Louis
More information about the samba
mailing list