[Samba] Why is smbd looking for Kerberos principal cifs/host at DOMB when it is a member of DOMA?
rpenny at samba.org
Wed Nov 20 09:02:10 UTC 2019
On 20/11/2019 08:26, L.P.H. van Belle via samba wrote:
> Your config looks ok, as far i can tell.
> This : "cifs/kvm7246-vm022.maas.local at TC84.LOCAL"
> As it should spn/hostname.fqdn at REALM nothing wrong with that.
> But if i understand it right.
> Your server : kvm7246-vm022.maas.local is in REALM : TC83.LOCAL ( NTDOM:TC83 )
I have been looking at this thinking 'should I reply' and after that I
think I must ;-)
The server with the FQDN of kvm7246-vm022.maas.local cannot be in the
REALM TC84.LOCAL, it would have to be kvm7246-vm022.tc84.local
I think you have a configuration error somewhere, I would start with
kerberos method = secrets and keytab
logging = systemd
realm = TC83.LOCAL
security = ADS
template homedir = /home/%U@%D
template shell = /bin/bash
winbind offline logon = Yes
winbind refresh tickets = Yes
workgroup = TC83
idmap config * : range = 1000000-19999999
idmap config * : backend = autorid
path = /srv/test
valid users = "@tc83.local\domain users" "@tc84.local\domain users"
I wouldn't use 'valid users', but if you must it should be like this:
valid users = '@TC83\domain users' 'TC84\domain users'
More information about the samba