Web lists-archives.com

Re: [Samba] AD integration not working after move/version




On Sat, 18 Mar 2017 17:49:31 +0100
Henrik Johansson <henrikj@xxxxxxxxxx> wrote:

> Hi Rowland and thanks for your reply,
> 

> 
> Short summary; this is on a old Solaris 10 system, the virtual host
> is a Solaris zone, or two instance of the zone on two hosts for
> failover. The config is years old and I had no part in this, but we
> needed to upgrade Solaris Oracle has only managed to release 3.5.8 or
> something close to that as patches. I could of course compile my own
> version or something but Samba was not the scope for this operation,
> it just stopped working which is a huge problem, and it can be
> because we needed to switch to the other zone or because the config
> did not work with this slightly newer version.
> 

OK, I wonder if you are running into the result of the badlock patches ?

> 
> kinit succeeded but ads_sasl_spnego_krb5_bind failed: Server not
> found in Kerberos database Failed to join domain: failed to connect
> to AD: Server not found in Kerberos database

What is the DC ?
What have you got in /etc/krb5.conf (or wherever it is)
Does /etc/resolv.conf use the DC as the first nameserver

> 
> I am under the impression that it’s kerberos.
> 

Samba uses winbind to talk to AD, so your first step will probably need
to be, adding the idmap config lines as suggested by Marc.

Rowland



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba