Web lists-archives.com

Re: [Samba] Samba4 Kerberos Authentication Error





On 12/5/2018 12:28 PM, Rowland Penny via samba wrote:
On Wed, 5 Dec 2018 12:19:39 -0500
Marco Shmerykowsky PE <marco@xxxxxxxxxxxxxxxxx> wrote:



--

Marco J. Shmerykowsky, PE, F.ASCE
marco@xxxxxxxxxxxxxxxxx

-----------------------------------------
     Shmerykowsky Consulting Engineers
       Structural Analysis & Design
      102 West 38th Street, 2nd Floor
          New York, New York 10018
Tel. (212) 719-9700 Fax. (212) 719-4822
        http://www.sce-engineers.com
-----------------------------------------

On 12/5/2018 12:11 PM, Rowland Penny via samba wrote:
On Wed, 5 Dec 2018 11:33:01 -0500
Marco Shmerykowsky PE via samba <samba@xxxxxxxxxxxxxxx> wrote:


The Realm matches the DNS.

hostname -d returns -> internal.company.com

domain name is internal.company.com

I can ping both internal.company.com and
machine254.internal.company.com both resolve to the IP of
MACHINE254

I checked winbind using the commands on the following page & all
returned as expected.

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Testing_the_Winbindd_Connectivity


You have never said what OS you are using, but check /etc/krb5.conf.
Does it start with an 'include' line ?
If so remove it

Can you post the following files

/etc/hostname
/etc/hosts
etc/resolv.conf
/etc/krb5.conf
/etc/nsswitch.conf

Rowland

Server: Fedora 29 with Samba 4.9.2
Client: Windows 10 version 1803 Build 17134.441

/etc/hostname:

machine254

/etc/hosts:

127.0.0.1   localhost localhost.localdomain localhost4
localhost4.localdomain4
::1         localhost localhost.localdomain localhost6
localhost6.localdomain6
192.168.0.251   machine254.internal.company.com   machine254

/etc/resolv.conf:

# Generated by NetworkManager

nameserver 192.168.0.251

/etc/krb5.conf:

          default_realm = INTERNAL.COMPANY.COM

          dns_lookup_realm = false

          dns_lookup_kdc = true

/etc/nsswitch.conf:

# Generated by authselect on Fri Jun  1 19:19:08 2018

# Do not modify this file manually.

passwd:      sss files systemd winbind

group:       sss files systemd winbind

netgroup:   sss files

automount:  sss files

services:   sss files

sudoers:    files sss

shadow:     files

ethers:     files

netmasks:   files

networks:   files

protocols:  files

rpc:        files

hosts:      files dns myhostname

aliases:    files nisplus

bootparams: nisplus [NOTFOUND=return] files

publickey:  nisplus

---
This email has been checked for viruses by AVG.
https://www.avg.com


Are you using the OS's Samba packages ?
If so, you should be aware that they are deemed experimental and do not
fully work, they have problems and this could be another one of them.

Rowland


I was not aware of that.  Suggestions?

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba