[Samba] Can't join Linux host to AD - "Improper format of Kerberos configuration file"

Rowland penny rpenny at samba.org
Tue Jun 11 17:48:46 UTC 2019


On 11/06/2019 14:05, Andreas Habel via samba wrote:
> smb.conf:
>
> [global]
>          security = ADS
>          workgroup = IERLAB
>          realm = IERLAB.UX.UIS.NO
>
>          log file = /var/log/samba/%m.log
>          log level = 1
>
>          # Default ID mapping configuration for local BUILTIN accounts
>          # and groups on a domain member. The default (*) domain:
>          # - must not overlap with any domain ID mapping configuration!
>          # - must use a read-write-enabled back end, such as tdb.
>          idmap config * : backend = tdb
>          idmap config * : range = 3000-7999
>          # - You must set a DOMAIN backend configuration
>          # idmap config for the IERLAB domain
>          idmap config IERLAB:backend = ad
>          idmap config IERLAB:schema_mode = rfc2307
>          idmap config IERLAB:range = 10000-999999
>          idmap config IERLAB:unix_nss_info = yes
>
>          vfs objects = acl_xattr
>          map acl inherit = yes
>          store dos attributes = yes
>
>          # Template settings for login shell and home directory
>          template shell = /bin/bash
>          template homedir = /home/%U
>
Nothing wrong there either.

All I can suggest is that you delete the contents of /etc/krb5.conf and 
retype them again, check that your dns domain is ierlab.ux.uis.no , 
check that the first nameserver in /etc/resolv.conf points to an AD DC, 
check that 'hostname -s', 'hostname -f' produces the expected results.

Rowland





More information about the samba mailing list