Re: [Samba] DRS stopped working after upgrade from debian Jessie to Stretch
- Date: Tue, 20 Jun 2017 09:58:49 +1200
- From: Andrew Bartlett via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] DRS stopped working after upgrade from debian Jessie to Stretch
On Mon, 2017-06-19 at 22:13 +0200, Prunk Dump via samba wrote:
> Hello Samba team !
> I'am in a very delicate situation. After an upgrade to debian Stretch
> my DRS stopped working.
Have you ever had MIT krb5 installed, or is krb5kdc now running?
Samba doesn't use /etc/krb5.keytab, so this may be related to some
previous install (or may be related to how you are trying to use NFS).
> This seem to be a computer account problem. But I can't find any
> problem in Kerberos :
> # kinit -k FICHDC$
> # klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: FICHDC$@NET.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR
Can you do this against the secrets.keytab in Samba's private/ dir?
You can reset the Samba machine account pw with
- it wont be packaged so you will have to build Samba and tell it to
operate against the right paths
- it shouldn't be needed, upgrades shouldn't break this, and
understanding the root cause would be better
Does 'samba-tool time -P' work? It is any different with 'samba-tool
time -P -k no'? (It seems you issue is related primarily to kerberos
and a keytab out of sync somehow).
> Valid starting Expires Service principal
> 19/06/2017 22:05:54 20/06/2017 08:05:54
> renew until 20/06/2017 22:05:54
> # klist -k
> Keytab name: FILE:/etc/krb5.keytab
As I mention above, this is the wrong keytab for a Samba DC.
> A big thank if someone can help me !
I hope this helps, otherwise depending on the urgency you might need to
get some professional guidance. It gets really stressful when then
network is down and we all know that can lead to mistakes.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
To unsubscribe from this list go to the following URL and read the