[Samba] Upgrade from 4.11.6 to 4.12.2 created authentication issues
James Atwell
james.atwell365 at gmail.com
Sun May 17 15:54:02 UTC 2020
On 5/17/2020 5:29 AM, Rowland penny via samba wrote:
> On 17/05/2020 00:24, James Atwell wrote:
>>>> So I suppose I still have trouble with my domain.
>>>>
>>>> root@pfdc1:/# net ads user info administrator -U administrator
>>>>
>>>> Enter administrator's password:
>>>> kerberos_kinit_password SAMBA@SAMBA.LOCAL failed: Client not found
>>>> in Kerberos database
>>>>
>>>> kerberos_kinit_password SAMBA@SAMBA.LOCAL failed: Client not found
>>>> in Kerberos database
>
> No, you might not have anything wrong with the domain.
>
> Does this look familiar ?
>
> root@dc01:~# net ads user info administrator -U administrator
> Enter administrator's password:
> kerberos_kinit_password SAMDOM@SAMDOM.EXAMPLE.COM failed: Client not
> found in Kerberos database
> kerberos_kinit_password SAMDOM@SAMDOM.EXAMPLE.COM failed: Client not
> found in Kerberos database
>
> This happens on both my DC's, one is running 4.10.14, the other 4.11.7
>
> But on a domain joined rpi running 4.11.7:
>
> pi@raspberrypi:~ $ sudo net ads user info administrator -U administrator
> Enter administrator's password:
> Domain Users
> Domain Admins
> Administrators
> Enterprise Admins
> Group Policy Creator Owners
> Schema Admins
>
> Do you have a Unix domain member you could test from ?
>
> It is looking like it is a problem with your readynas.
>
> Rowland
>
>
>
Strange results on a domain member:

jatwell@osticket:~$ net ads user info administrator -U administrator
Enter administrator's password:
create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file
/var/run/samba/smb_tmp_krb5.Bgy6b4. Errno Permission denied
create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file
/var/run/samba/smb_tmp_krb5.M1pz6T. Errno Permission denied
Domain Users
Administrators
Group Policy Creator Owners
Enterprise Admins
Schema Admins
Remote Desktop Users Group
Domain Admins

If run as root I get this:

root@osticket:~# net ads user info administrator -U administrator
Enter administrator's password:
gss_init_sec_context failed with [ Miscellaneous failure (see text):
encryption type 3 not supported]
kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: An
internal error occurred.
gss_init_sec_context failed with [ Miscellaneous failure (see text):
encryption type 3 not supported]
gss_init_sec_context failed with [ Miscellaneous failure (see text):
encryption type 3 not supported]
kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: An
internal error occurred.

Running this command on all my DCs looks exactly like what you
mentioned on yours. Maybe if I talk this out something will spring to
mind. The following are the steps I took to do an in-place upgrade on 2
DCs that caused all 4 of my Netgear ReadyNAS to no longer import the
users and groups.

The first DC I chose to upgrade was my DC that holds all my FSMO roles.
I ran apt-get update followed by apt-get dist-upgrade. Rebooted and ran
the dependencies scripts (first time) from the wiki on an Ubuntu 16.04.
Downloaded samba source and ran ./configure --mandir=/usr/share/man,
make, shut down samba and install. After reboot went to check
replication with samba-tool drs showrepl and noticed an error
immediately as the screen scrolled to show replication working
correctly. Scrolled to the top and saw the following error:

ldb: unable to dlopen /usr/lib64/samba/ldb/local_password.so :
/usr/lib64/samba/libsamdb-common-samba4.so: version `SAMBA_4.11.6' not
found (required by /usr/lib64/samba/ldb/local_password.so)
ldb: unable to dlopen /usr/lib64/samba/ldb/simple_dn.so :
/usr/lib64/samba/libdsdb-module-samba4.so: version `SAMBA_4.11.6' not found
(required by /usr/lib64/samba/ldb/simple_dn.so)
ldb: unable to dlopen /usr/lib64/samba/ldb/simple_ldap_map.so :
/usr/lib64/samba/libsamdb-common-samba4.so: version `SAMBA_4.11.6' not
found (required by /usr/lib64/samba/ldb/simple_ldap_map.so)

A Google search of the error landed me on the samba list with a mention of
this error. Reading the thread I see a member mention moving the samba
folder and building again. So I did. After the build and install I
copied back the following files and folders from my original samba folder:

* etc
* private
* sysvol

I then rebooted and ran samba-tool drs showrepl. The previous error was
gone but now a new error displayed, but I can't recall what it said.
Keep in mind replication still showed as working. I do recall the error
was complaining about Kerberos or the keytab. I can't recall exactly.
But from the error I chose to run kinit administrator to resolve. That
much I took from the error. Kinit and klist succeeded and I reran
samba-tool drs showrepl. This time no errors reported. Did the exact
same steps on another server running Ubuntu 18.04 when I began to notice
I had issues with my ReadyNAS. Did I forget to copy something from my
original samba folder?
-James
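
An added example, not part of the message above and not Samba code: the dlopen errors quoted in the message name each ldb module and the symbol version tag it was linked against, so the saved error text can be reduced to a list of modules that do not match the installed release. The function names are hypothetical and the installed version (4.12.2) is taken from the subject line.

```shell
#!/bin/sh
# Added example (not from the original post): list ldb modules whose dlopen
# failed because they require a Samba symbol version other than the installed one.

# Constructed sample input: the three errors from the post, wrapped as mailed.
sample_errors() {
cat <<'EOF'
ldb: unable to dlopen /usr/lib64/samba/ldb/local_password.so :
/usr/lib64/samba/libsamdb-common-samba4.so: version `SAMBA_4.11.6' not
found (required by /usr/lib64/samba/ldb/local_password.so)
ldb: unable to dlopen /usr/lib64/samba/ldb/simple_dn.so :
/usr/lib64/samba/libdsdb-module-samba4.so: version `SAMBA_4.11.6' not found
(required by /usr/lib64/samba/ldb/simple_dn.so)
ldb: unable to dlopen /usr/lib64/samba/ldb/simple_ldap_map.so :
/usr/lib64/samba/libsamdb-common-samba4.so: version `SAMBA_4.11.6' not
found (required by /usr/lib64/samba/ldb/simple_ldap_map.so)
EOF
}

# Re-join records that a terminal or mail client wrapped: every record
# starts with "ldb: ", any other line continues the previous one.
join_wrapped() {
    awk '/^ldb: / { if (buf != "") print buf; buf = $0; next }
         { buf = (buf == "" ? $0 : buf " " $0) }
         END { if (buf != "") print buf }'
}

# stale_modules VERSION < errors
# Prints each module that asks for a version tag other than SAMBA_<VERSION>,
# i.e. one linked against a different build than the libraries now on disk.
stale_modules() {
    join_wrapped |
    sed -n "s|.*unable to dlopen \([^ ]*\) : [^:]*: version \`\([^']*\)' not found.*|\1 \2|p" |
    awk -v want="SAMBA_$1" '$2 != want { print $1 }' |
    sort -u
}

# Installed version after the upgrade described in the subject line.
sample_errors | stale_modules 4.12.2
```

An empty result for the installed version means the modules match it and the shared library they load is the mismatched file instead.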