[Samba] nsupdate failed: GSSAPI error: A token had an invalid message integrity check
Rowland Penny
rpenny at samba.org
Fri Jan 28 21:29:22 UTC 2022
On Fri, 2022-01-28 at 15:03 -0600, Michael Jones via samba wrote:
> Thank you for the response.
>
> On Fri, Jan 28, 2022 at 4:16 AM L.P.H. van Belle via samba <
> samba at lists.samba.org> wrote:
>
> > On AD-DC or Member ?
> >
>
> AD-DC, phrased as "> As the root user on my domain controller." in my
> original email, though I know it was a big wall of text, so I
> probably
> would have missed that detail myself.
>
I waded through all of that info and one thing popped out:

(-system-heimdal) -system-mitkrb5

So which was your DC built with, 'Heimdal' or 'MIT' ?

Also your smb.conf files are borked, you do not use a user.map on a DC
and I would expect each DC smb.conf to look similar to this:

[global]
    server role = active directory domain controller
    allow dns updates = nonsecure
    dns forwarder = 10.0.0.1 8.8.8.8 8.8.4.4
    idmap_ldb:use rfc2307 = yes
    workgroup = NETWORK-1
    realm = NETWORK-1.NET
    log level = 2 dns:2 auth:2 vfs:2
    ntlm auth = yes
    template shell = /bin/bash
    template homedir = /home/%U

[sysvol]
    path = /var/lib/samba/sysvol
    read only = no

[netlogon]
    path = /var/lib/samba/sysvol/network-1.net/scripts
    read only = no
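
A check for the points this reply raises about a DC smb.conf, as an added example that is not part of the original post or of Samba: it reads the [global] section and flags a `username map` on a DC (assumed here to be the parameter that loads the user.map), plus two values in the posted example that are looser than Samba's defaults (`allow dns updates = nonsecure` and `ntlm auth = yes`). The sample text, the /etc/samba/user.map path and the function names are constructed for illustration.

```python
import configparser

# Constructed sample: settings from the reply above, plus a "username map"
# line (hypothetical path) standing in for the user.map it says not to use.
SAMPLE = """\
[global]
    server role = active directory domain controller
    allow dns updates = nonsecure
    idmap_ldb:use rfc2307 = yes
    ntlm auth = yes
    template homedir = /home/%U
    username map = /etc/samba/user.map
"""

def norm(name):
    # Samba ignores case and whitespace inside parameter names.
    return "".join(name.split()).lower()

def load_global(text):
    # Strip indentation so configparser does not read it as a continuation;
    # interpolation=None keeps Samba's %U-style macros from raising errors.
    body = "\n".join(line.strip() for line in text.splitlines())
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None,
                                   strict=False)
    cp.optionxform = norm
    cp.read_string(body)
    merged = {}
    for name in cp.sections():
        if name.strip().lower() == "global":
            merged.update(cp[name])
    return merged

def audit(text):
    g = load_global(text)
    if g.get("serverrole", "").lower() != "active directory domain controller":
        return []  # these checks only apply to an AD DC
    findings = []
    if "usernamemap" in g:
        findings.append("username map is set on a DC")
    # Samba's default is "secure only" (signed updates only).
    if g.get("allowdnsupdates", "secure only").lower() == "nonsecure":
        findings.append("allow dns updates = nonsecure accepts unsigned updates")
    # Samba's default is "ntlmv2-only"; "yes" is an alias for ntlmv1-permitted.
    if g.get("ntlmauth", "ntlmv2-only").lower() in ("yes", "ntlmv1-permitted"):
        findings.append("ntlm auth permits NTLMv1")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

With `allow dns updates = nonsecure` the DC accepts dynamic updates without the GSS-TSIG signature, so the GSSAPI failure in the subject line only shows up on the signed update path.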