[Samba] Machine passwords refresh (sometimes not happening)
Rowland Penny
rpenny at samba.org
Wed Sep 27 15:28:11 UTC 2023
On Wed, 27 Sep 2023 16:51:24 +0200
Matthias Leopold via samba <samba at lists.samba.org> wrote:
> Hi,
>
> can anyone help me here? This problem keeps occuring, it seems to
> have appeared after I upgraded vom 4.16 to 4.17. Full sequence of
> error in winbind logs is
>
> [2023/09/27 16:11:47.081424, 0]
> ../../source3/libads/kerberos_util.c:73(ads_kinit_password)
> kerberos_kinit_password S0-L01$@MY.DOMAIN failed:
> Preauthentication failed
> [2023/09/27 16:11:47.087539, 0]
> ../../source3/winbindd/winbindd_ads.c:1199(lookup_groupmem)
> ads_ranged_search failed with: Invalid credentials
>
> Winbind restart solves the problem.
>
> I admit I didn't try to use this "dedicated keytab file"/"kerberos
> method"/"winbind refresh tickets" stanzas yet, but leaving/rejoining
> domain is not a simple task. Also I'm confused by docs when to use
> them (as described).
>
> Thanks a lot
> Matthias
>
>
You only need 'winbind refresh tickets', the other two are if you
require a keytab for other uses.
Rowland
More information about the samba
mailing list