[Samba] Kerberos fails in some cases

Sergio Belkin sebelk at gmail.com
Mon Mar 25 23:33:44 UTC 2019


On Mon, 25 Mar 2019 at 19:41, Sergio Belkin (<sebelk at gmail.com>)
wrote:

> Hi folks,
> I can use Kerberos to create or delete a user, e.g.:
>
> samba-tool user create test -k yes
>
> however, if I want to perform a backup it fails:
>
> samba-tool domain backup online --targetdir=/srv/backup
> --server=192.168.50.40 -k yes
> gensec_spnego_create_negTokenInit_step: Failed to setup SPNEGO
> negTokenInit request
> Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
> Failed to connect to 'ldap://192.168.50.40' with backend 'ldap': LDAP
> client internal error: NT_STATUS_INVALID_PARAMETER
> ERROR(ldb): uncaught exception - LDAP client internal error:
> NT_STATUS_INVALID_PARAMETER
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
> 177, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py",
> line 228, in run
>     dns_backend='SAMBA_INTERNAL', targetdir=tmpdir)
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1509, in
> join_clone
>     include_secrets=include_secrets)
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1584, in
> __init__
>     dns_backend=dns_backend)
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 98, in
> __init__
>     credentials=ctx.creds, lp=ctx.lp)
>   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 64, in
> __init__
>     options=options)
>   File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 115, in
> __init__
>     self.connect(url, flags, options)
>   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 79, in
> connect
>     options=options)
>
> What could be wrong?
>
> I use samba 4.9.3 on Debian (Van Belle repo)
>
> Thanks in advance!
>
> --
> --
> Sergio Belkin
> LPIC-2 Certified - http://www.lpi.org
>


I've found that it is an error to use an IP address with Kerberos, that's wrong.
Anyway, if I use the hostname, it prompts me for the password:

samba-tool domain backup online --targetdir=/srv/backup --server=samba4.example.com -k yes -d3
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
resolve_lmhosts: Attempting lmhosts lookup for name samba4.example.com<0x20>
Password for [EXAMPLE\root]:

I don't understand why it cannot resolve samba4.example.com, because it can
outside of this command....

Please could you help me?


-- 
--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org

