Re: [Samba] samba4 ticket server cifs/ not found in keytab

[listmail via samba <samba@xxxxxxxxxxxxxxx>]

On 2018-04-26 09:48, L.P.H. van Belle via samba wrote:
> Hai,
>
> > From your smb.
> >          realm = AD.INTERNALTWO.COM
> >          netbios name = nas1dev-rhel7
> >          server string = nas1dev-rhel7
>
> Is i expect 
> cifs/nas1dev-rhel7.ad.yourPrimaryDomain.tld@xxxxxxxxxxxxxxxxxx
> Check you hosts file and resolve.conf
>
> Like in what is the output of :
> hostname -I and hostname -A
the AD.INTERNALONE.COM is appended somehow when accessing 
AD.INTERNALTWO.COM from the AD.INTERNALONE.COM domain -- then CIFS 
ticket error occurs.  the actual hostname of the samba server is 
nas1dev-rhel7.

> For cifs kerberos tickets, add in krb5.conf the following lines.
>
>     default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac
> des-cbc-crc des-cbc-md5
>     default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac
> des-cbc-crc des-cbc-md5
>     permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
> des-cbc-md5
>
> That might help, then try again, you might need to restart the server 
> first.

> And this is wrong.
>          idmap config * : range = 1000000-1999999
>          idmap config * : backend = tdb
>          idmap config INTERNALTWO range = 1000000-1999999
>          idmap config INTERNALTWO : backend = ads
>          idmap config NAS1DEV-RHEL7 : range = 1000000-1999999
>          idmap config NAS1DEV-RHEL7 : backend = tdb
>
> These range may not overlap.
> Review your setup smb.conf base on :
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba