[Samba] Why is smbd looking for Kerberos principal cifs/host at DOMB when it is a member of DOMA?
L.P.H. van Belle
belle at bazuin.nl
Wed Nov 20 09:27:33 UTC 2019
Good Morning Rowland.
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Rowland penny via samba
> Verzonden: woensdag 20 november 2019 10:02
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Why is smbd looking for Kerberos
> principal cifs/host at DOMB when it is a member of DOMA?
> On 20/11/2019 08:26, L.P.H. van Belle via samba wrote:
> > Your config looks ok, as far i can tell.
> > This : "cifs/kvm7246-vm022.maas.local at TC84.LOCAL"
> > As it should spn/hostname.fqdn at REALM nothing wrong with that.
> > But if i understand it right.
> > Your server : kvm7246-vm022.maas.local is in REALM :
> TC83.LOCAL ( NTDOM:TC83 )
> I have been looking at this thinking 'should I reply' and
> after that I think I must ;-)
If you think "should I reply" then yes please, always.. :-)
> The server with the FQDN of kvm7246-vm022.maas.local cannot be in the
> REALM TC84.LOCAL, it would have to be kvm7246-vm022.tc84.local
Not entirely.. Or at least, its not obligated to have the DNSdomain in REALM.
You can have.
while REALM can be : @LETS.DONT.CARE.ABOUT.REALM
You can also have.
kvm7246-vm022.maas.local And kvm7246-vm022.maas.local
Where ( by example )
kvm7246-vm022.maas.local is 192.168.0.1 AND kvm7246-vm022.maas.local is 10.1.2.3
kvm7246-vm022.maas.local 192.168.0.1 is in REALM: @LETS.DONT.CARE.ABOUT.REALM
And the other 10.1.2.3 is in @LETS.CARE.ABOUT.REALM
This is resolving, that needs to be verified first before we can change/advice samba changes.
That group change is not that big, so that should be ok but I suspect a routing/resolving problems in this case.
And just asking..
'@TC83\domain users' 'TC84\domain users' <<
On purpus that the TC84 is not having the @ ?
More information about the samba