Web lists-archives.com

Re: [Samba] Samba4 Kerberos Authentication Error

On 12/5/2018 12:28 PM, Rowland Penny via samba wrote:
On Wed, 5 Dec 2018 12:19:39 -0500
Marco Shmerykowsky PE <marco@xxxxxxxxxxxxxxxxx> wrote:


Marco J. Shmerykowsky, PE, F.ASCE

     Shmerykowsky Consulting Engineers
       Structural Analysis & Design
      102 West 38th Street, 2nd Floor
          New York, New York 10018
Tel. (212) 719-9700 Fax. (212) 719-4822

On 12/5/2018 12:11 PM, Rowland Penny via samba wrote:
On Wed, 5 Dec 2018 11:33:01 -0500
Marco Shmerykowsky PE via samba <samba@xxxxxxxxxxxxxxx> wrote:

The Realm matches the DNS.

hostname -d returns -> internal.company.com

domain name is internal.company.com

I can ping both internal.company.com and
machine254.internal.company.com both resolve to the IP of

I checked winbind using the commands on the following page & all
returned as expected.


You have never said what OS you are using, but check /etc/krb5.conf.
Does it start with an 'include' line ?
If so remove it

Can you post the following files



Server: Fedora 29 with Samba 4.9.2
Client: Windows 10 version 1803 Build 17134.441



/etc/hosts:   localhost localhost.localdomain localhost4
::1         localhost localhost.localdomain localhost6
localhost6.localdomain6   machine254.internal.company.com   machine254


# Generated by NetworkManager



          default_realm = INTERNAL.COMPANY.COM

          dns_lookup_realm = false

          dns_lookup_kdc = true


# Generated by authselect on Fri Jun  1 19:19:08 2018

# Do not modify this file manually.

passwd:      sss files systemd winbind

group:       sss files systemd winbind

netgroup:   sss files

automount:  sss files

services:   sss files

sudoers:    files sss

shadow:     files

ethers:     files

netmasks:   files

networks:   files

protocols:  files

rpc:        files

hosts:      files dns myhostname

aliases:    files nisplus

bootparams: nisplus [NOTFOUND=return] files

publickey:  nisplus

This email has been checked for viruses by AVG.

Are you using the OS's Samba packages ?
If so, you should be aware that they are deemed experimental and do not
fully work, they have problems and this could be another one of them.


I was not aware of that.  Suggestions?

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba