[Samba] Moving Samba AD DC from one VM host to another: Preauthentication failed
dcardon at tranquil.it
Fri Jun 14 13:51:07 UTC 2019
> I'm trying to move my current Samba AD DC VM from EXSi vSphere to
> XenServer (XCP-NG).
> I was able to export the VM to .OVA file & import it into XCP-NG fine.
> I was able to open ADUC & the DNS manager in Windows without an issue.
> But my web server had a lot of these errors in the log & couldn't mount
> the SMB shares from the file server:
> kerberos_kinit_password <HOSTNAME> failed: Preauthentication failed
> Maybe the web server changed it's password in between the export &
> import (it was a few days).
> Does it just need to leave & rejoin the domain?
> Or is there anything else I need to do on the DC after importing it into
> the new host?
Like Windows desktop, Winbind changes its shared secret on a regular
basis (I think it is two weeks for winbind, 4 weeks for Windows
desktops). So if you had your DC running during the transfert, the
secret might well have changed.
If you have to do that again later, when switching server, you should
stop samba service, the copy over the uptodate /var/lib/samba from the
old VMWare VM to the new Xenserver VM in order not to lose any updated
For your web server, rejoining should to the trick.
> Both the DC & web server are on:
> Samba version: 4.7.6
> CentOS: 7.5.1804
I encourage you to update on latest 4.9 at least. Samba 4.7 is not
supported anymore, and actually there has been big improvement in
performance and stability, notably bind-dlz which is working much better.
> Thanks for any help.
12 avenue Jules Verne (Bat. A)
44230 Saint Sébastien sur Loire (FRANCE)
tel : +33 (0) 240 975 755
Tranquil IT recrute! https://www.tranquil.it/nous-rejoindre/
Samba install wiki for Frenchies : https://dev.tranquil.it
WAPT, software deployment made easy : https://wapt.fr
More information about the samba