Web lists-archives.com

[Samba] Login to AD Member Fail

when I try to login to AD member via IP-Address from Windows Client it

Login to AD Member from Windows Client via DNS Name fail.
Windows Errorcode: 0x80070035

Dc1: Samba 4.5.12+dfsg-2+deb9u2
AD Member: Samba 4.5.12+dfsg-2+deb9u2

winbindd.log (AD Member)

[2018/06/27 12:49:58.787087,  1]
  Error during PAC signature verification: NT_STATUS_UNSUCCESSFUL
[2018/06/27 12:50:17.766117,  1]
  Failed to initialize kerberos context: Invalid argument

win-client.log (AD Member)

[2018/06/27 12:49:13.354207,  1]
  Failed to fetch record!
[2018/06/27 12:49:13.354282,  1]
  pcap cache not loaded

smb.conf (AD Member)

  security = ADS
   workgroup = DOM
   realm = DOM.EXAMPLE.COM

   bind interfaces only = yes
   interfaces = lo eth0

   log file = /var/log/samba/%m.log
   log level = 1

   idmap config * : backend = tdb
   idmap config * : range = 1000-1005

   # idmap config for the DOM domain
   idmap config KES:backend = ad
   idmap config KES:schema_mode = rfc2307
   idmap config KES:range = 1006-999999

    winbind enum users = yes
    winbind enum groups = yes
    template homedir = /home/users/%U
    template shell = /bin/bash

    winbind use default domain = yes

    vfs objects = acl_xattr
    map acl inherit = yes
    store dos attributes = yes

    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab

Login via smbclient works also.

Whats wrong?
Best Regards,

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba