[Samba] Kerberos problems with only some servers
L.P.H. van Belle
belle at bazuin.nl
Thu Apr 29 13:07:33 UTC 2021
Ok, everything thats ok, i'v removed in this reply.
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Arne
> Zachlod via samba
> Verzonden: donderdag 29 april 2021 14:02
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Kerberos problems with only some servers
En i see this.
Part of ..
> netbios name = ADFS01
> -----------
>
> Running as Unix domain member and no user.map detected.
> This is possible with an auth-only setup, checking also for NFS parts
Your missing the usermapping.
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Mapping_the_Domain_Administrator_Account_to_the_Local_root_User
> -----------
> Warning, /etc/idmapd.conf does not exist
> ( Only if you need NFS also )
> -----------
>
>
> Installed packages:
Missing : krb5-user
>
> -----------
> NEXT Server.
>
> Collected config --- 2021-04-29-11:02 -----------
>
> Hostname: addc08
> DNS Domain: int.samdom.de
> FQDN: addc08.int.samdom.de
> ipaddress: 10.1.1.215
>
> -----------
>
> Kerberos SRV _kerberos._tcp.int.samdom.de record verified ok, sample
> output:
> Server: 10.1.1.215
> Address: 10.1.1.215#53
>
> _kerberos._tcp.int.samdom.de service = 0 100 88 addc12.int.samdom.de.
> _kerberos._tcp.int.samdom.de service = 0 100 88 addc16.int.samdom.de.
> _kerberos._tcp.int.samdom.de service = 0 100 88 addc08.int.samdom.de.
> _kerberos._tcp.int.samdom.de service = 0 100 88 addc13.int.samdom.de.
> Samba is running as an AD DC
>
> -----------
> Checking file: /etc/os-release
>
> PRETTY_NAME="Debian GNU/Linux 10 (buster)"
> NAME="Debian GNU/Linux"
> VERSION_ID="10"
> VERSION="10 (buster)"
> VERSION_CODENAME=buster
> ID=debian
> HOME_URL="https://www.debian.org/"
> SUPPORT_URL="https://www.debian.org/support"
> BUG_REPORT_URL="https://bugs.debian.org/"
>
> -----------
>
>
> This computer is running Debian 10.9 x86_64
>
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
> group default qlen 1000
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> inet6 ::1/128 scope host
> 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP group default qlen 1000
> link/ether 52:54:00:77:6c:f9 brd ff:ff:ff:ff:ff:ff
> inet 10.1.1.215/24 brd 10.1.1.255 scope global ens3
> inet6 fe80::5054:ff:fe77:6cf9/64 scope link
>
> -----------
> Checking file: /etc/hosts
>
> 127.0.0.1 localhost
> 127.0.1.1 addc08.int.samdom.de addc08
The line above should be removed. ( the 1270.0.1.1 )
>
> 10.1.1.215 addc08.int.samdom.de
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
> -----------
>
> Checking file: /etc/resolv.conf
>
> domain int.samdom.de
> search int.samdom.de
> nameserver 10.1.1.215
I does help if you put the other DC's here also.
>
> -----------
> -----------
>
> Installed packages:
Same here, missing krb5-user packages.
So it doesnt look that bad, fix the things mentioned.
Greetz,
Louis
More information about the samba
mailing list