[Samba] AD authentication issue in Samba (kerberos errors)
Rowland Penny
rpenny at samba.org
Wed Mar 20 11:03:15 UTC 2019
On Wed, 20 Mar 2019 12:27:09 +0200
"linux.il via samba" <samba at lists.samba.org> wrote:
> I have CENTOS7 box with Samba 4.8.3-4 and SSSD 1.16.2-13,
> authentication against MS Win domain.
We don't actually support using a Samba Unix domain member with SSSD,
mainly because SSSD isn't a Samba product.
> - Recently, Active Directory authentication stopped working within
> Samba
> - Users who try to connect to reach the point of being prompted for AD
> credentials; failures happen afterward.
> - All flavors of client OS are affected: Windows, Mac and Linux (via
> smbclient).
> - There have been no configuration changes to the system
> (especially/notably smb.conf) in 3+ weeks
If this has just started happening, something must have changed.
> - AD and SSSD continue to work fine within the operating system
> itself (SSH to the server works, can query AD for group information
> via ‘getent group GROUP’, etc.).
Is winbind running ?
>
> I do see some Kerberos errors into Samba logs:
>
> [2019/03/20 09:43:48.594230, 0]
> ../source3/libads/kerberos_util.c:74(ads_kinit_password)
> kerberos_kinit_password LINUX$@EXAMPLE.COM failed: Preauthentication
> failed
>
> As far as I see from forum suggestions, linux box re-join to the
> domain should fix this issue, but I'm really don't like such manual
> workaround.
Please post your smb.conf
Rowland
More information about the samba
mailing list