Web lists-archives.com

Re: [Samba] Samba4 Kerberos Authentication Error




On Wed, 5 Dec 2018 12:19:39 -0500
Marco Shmerykowsky PE <marco@xxxxxxxxxxxxxxxxx> wrote:

> 
> 
> --
> 
> Marco J. Shmerykowsky, PE, F.ASCE
> marco@xxxxxxxxxxxxxxxxx
> 
> -----------------------------------------
>     Shmerykowsky Consulting Engineers
>       Structural Analysis & Design
>      102 West 38th Street, 2nd Floor
>          New York, New York 10018
> Tel. (212) 719-9700 Fax. (212) 719-4822
>        http://www.sce-engineers.com
> -----------------------------------------
> 
> On 12/5/2018 12:11 PM, Rowland Penny via samba wrote:
> > On Wed, 5 Dec 2018 11:33:01 -0500
> > Marco Shmerykowsky PE via samba <samba@xxxxxxxxxxxxxxx> wrote:
> > 
> >>
> >> The Realm matches the DNS.
> >>
> >> hostname -d returns -> internal.company.com
> >>
> >> domain name is internal.company.com
> >>
> >> I can ping both internal.company.com and
> >> machine254.internal.company.com both resolve to the IP of
> >> MACHINE254
> >>
> >> I checked winbind using the commands on the following page & all
> >> returned as expected.
> >>
> >> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Testing_the_Winbindd_Connectivity
> >>
> > 
> > You have never said what OS you are using, but check /etc/krb5.conf.
> > Does it start with an 'include' line ?
> > If so remove it
> > 
> > Can you post the following files
> > 
> > /etc/hostname
> > /etc/hosts
> > etc/resolv.conf
> > /etc/krb5.conf
> > /etc/nsswitch.conf
> > 
> > Rowland
> 
> Server: Fedora 29 with Samba 4.9.2
> Client: Windows 10 version 1803 Build 17134.441
> 
> /etc/hostname:
> 
> machine254
> 
> /etc/hosts:
> 
> 127.0.0.1   localhost localhost.localdomain localhost4 
> localhost4.localdomain4
> ::1         localhost localhost.localdomain localhost6 
> localhost6.localdomain6
> 192.168.0.251   machine254.internal.company.com   machine254
> 
> /etc/resolv.conf:
> 
> # Generated by NetworkManager 
> 
> nameserver 192.168.0.251
> 
> /etc/krb5.conf:
> 
>          default_realm = INTERNAL.COMPANY.COM 
> 
>          dns_lookup_realm = false 
> 
>          dns_lookup_kdc = true
> 
> /etc/nsswitch.conf:
> 
> # Generated by authselect on Fri Jun  1 19:19:08 2018 
> 
> # Do not modify this file manually. 
> 
>  
> 
> passwd:      sss files systemd winbind 
> 
> group:       sss files systemd winbind 
> 
> netgroup:   sss files 
> 
> automount:  sss files 
> 
> services:   sss files 
> 
> sudoers:    files sss 
> 
>  
> 
> shadow:     files 
> 
> ethers:     files 
> 
> netmasks:   files 
> 
> networks:   files 
> 
> protocols:  files 
> 
> rpc:        files 
> 
> hosts:      files dns myhostname 
> 
>  
> 
> aliases:    files nisplus 
> 
> bootparams: nisplus [NOTFOUND=return] files 
> 
> publickey:  nisplus
> 
> ---
> This email has been checked for viruses by AVG.
> https://www.avg.com
> 

Are you using the OS's Samba packages ?
If so, you should be aware that they are deemed experimental and do not
fully work, they have problems and this could be another one of them.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba