
[Samba] Login to AD Member Fail




Hello,
When I try to log in to the AD member via IP address from a Windows client, it
works.

Login to the AD member from the Windows client via DNS name fails.
Windows error code: 0x80070035

Dc1: Samba 4.5.12+dfsg-2+deb9u2
AD Member: Samba 4.5.12+dfsg-2+deb9u2

winbindd.log (AD Member)

[2018/06/27 12:49:58.787087,  1]
../source3/winbindd/winbindd_pam.c:2567(winbindd_pam_auth_pac_send)
  Error during PAC signature verification: NT_STATUS_UNSUCCESSFUL
[2018/06/27 12:50:17.766117,  1]
../source3/winbindd/winbindd_pam.c:2502(extract_pac_vrfy_sigs)
  Failed to initialize kerberos context: Invalid argument


win-client.log (AD Member)

[2018/06/27 12:49:13.354207,  1]
../source3/printing/printer_list.c:234(printer_list_get_last_refresh)
  Failed to fetch record!
[2018/06/27 12:49:13.354282,  1]
../source3/smbd/server_reload.c:69(delete_and_reload_printers)
  pcap cache not loaded


smb.conf (AD Member)

   security = ADS
   workgroup = DOM
   realm = DOM.EXAMPLE.COM

   bind interfaces only = yes
   interfaces = lo eth0

   log file = /var/log/samba/%m.log
   log level = 1

   idmap config * : backend = tdb
   idmap config * : range = 1000-1005

   # idmap config for the DOM domain
   idmap config KES:backend = ad
   idmap config KES:schema_mode = rfc2307
   idmap config KES:range = 1006-999999

   winbind enum users = yes
   winbind enum groups = yes
   template homedir = /home/users/%U
   template shell = /bin/bash

   winbind use default domain = yes

   vfs objects = acl_xattr
   map acl inherit = yes
   store dos attributes = yes

   dedicated keytab file = /etc/krb5.keytab
   kerberos method = secrets and keytab



Login via smbclient also works.

What's wrong?
Best Regards,






