[Samba] Kerberos problems with only some servers

L.P.H. van Belle belle at bazuin.nl
Thu Apr 29 13:07:33 UTC 2021 

Ok, everything thats ok, i'v removed in this reply. 

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Arne 
> Zachlod via samba
> Verzonden: donderdag 29 april 2021 14:02
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Kerberos problems with only some servers

En i see this.

Part of .. 
> netbios name = ADFS01
> -----------
> 
> Running as Unix domain member and no user.map detected.
> This is possible with an auth-only setup, checking also for NFS parts

Your missing the usermapping. 
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Mapping_the_Domain_Administrator_Account_to_the_Local_root_User 


> -----------
>      Warning, /etc/idmapd.conf does not exist
> 	( Only if you need NFS also ) 
> -----------
> 
> 
> Installed packages:
Missing : krb5-user 


> 
> -----------
> NEXT Server.
> 
> Collected config  --- 2021-04-29-11:02 -----------
> 
> Hostname: addc08
> DNS Domain: int.samdom.de
> FQDN: addc08.int.samdom.de
> ipaddress: 10.1.1.215
> 
> -----------
> 
> Kerberos SRV _kerberos._tcp.int.samdom.de record verified ok, sample 
> output:
> Server:		10.1.1.215
> Address:	10.1.1.215#53
> 
> _kerberos._tcp.int.samdom.de	service = 0 100 88 addc12.int.samdom.de.
> _kerberos._tcp.int.samdom.de	service = 0 100 88 addc16.int.samdom.de.
> _kerberos._tcp.int.samdom.de	service = 0 100 88 addc08.int.samdom.de.
> _kerberos._tcp.int.samdom.de	service = 0 100 88 addc13.int.samdom.de.
> Samba is running as an AD DC
> 
> -----------
>         Checking file: /etc/os-release
> 
> PRETTY_NAME="Debian GNU/Linux 10 (buster)"
> NAME="Debian GNU/Linux"
> VERSION_ID="10"
> VERSION="10 (buster)"
> VERSION_CODENAME=buster
> ID=debian
> HOME_URL="https://www.debian.org/"
> SUPPORT_URL="https://www.debian.org/support"
> BUG_REPORT_URL="https://bugs.debian.org/"
> 
> -----------
> 
> 
> This computer is running Debian 10.9 x86_64
> 
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
> group default qlen 1000
>      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>      inet 127.0.0.1/8 scope host lo
>      inet6 ::1/128 scope host
> 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast 
> state UP group default qlen 1000
>      link/ether 52:54:00:77:6c:f9 brd ff:ff:ff:ff:ff:ff
>      inet 10.1.1.215/24 brd 10.1.1.255 scope global ens3
>      inet6 fe80::5054:ff:fe77:6cf9/64 scope link
> 
> -----------
>         Checking file: /etc/hosts
> 
> 127.0.0.1	localhost
> 127.0.1.1	addc08.int.samdom.de addc08
The line above should be removed.  ( the 1270.0.1.1 ) 

> 
> 10.1.1.215	addc08.int.samdom.de
> 
> # The following lines are desirable for IPv6 capable hosts
> ::1     localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> 
> -----------
> 
>         Checking file: /etc/resolv.conf
> 
> domain int.samdom.de
> search int.samdom.de
> nameserver 10.1.1.215
I does help if you put the other DC's here also. 

> 
> -----------
> -----------
> 
> Installed packages:

Same here, missing krb5-user packages. 

So it doesnt look that bad, fix the things mentioned. 

Greetz, 

Louis

More information about the samba mailing list