Re: [Samba] unable to mount nfs4v over krb5 after samba upgrade.
- Date: Mon, 17 Dec 2018 16:51:05 +0100
- From: "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] unable to mount nfs4v over krb5 after samba upgrade.
I think the following..
Somewhere a password has expired of something is going to a guest account...
map to guest= Bad User << remove it, and and restart samba/winbind .
That does man smb.conf say about this setting and helpdesks ... ;-)
Can you tell why this is in you member server's config? So we understand you setup more.
And your config is missing the refress tickets so i might be that a keytab pasword has expired.
winbind refresh tickets = yes
Last, check for the nfs/SPN in the keytab file on the member server and in the AD.
How depends a bit on your setup.
If you did an OS upgrade also, then OS and from/to versions.
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens
> VigneshDhanraj G via samba
> Verzonden: maandag 17 december 2018 8:53
> Aan: Rowland penny
> CC: Samba Listing
> Onderwerp: Re: [Samba] unable to mount nfs4v over krb5 after
> samba upgrade.
> Hi Rowland,
> Still issue persists, i have removed passdb backend option from my smb
> config. i haven't found any passdb.tdb file in private
> folder. i only see
> smbpasswd file. whether passwd.tdb file will create automatically?
> I have created one more setup with samba 4.7 installed to
> check there is
> issue in my environment, everything works fine there.
> Whats the change causing this problem, i guess definitely
> samba upgrade
> causing issue, not my environment.
> Please help me out.
> VigneshDhanraj G
> On Fri, Dec 14, 2018 at 7:51 PM Rowland Penny via samba <
> samba@xxxxxxxxxxxxxxx> wrote:
> > On Fri, 14 Dec 2018 19:14:28 +0530
> > VigneshDhanraj G via samba <samba@xxxxxxxxxxxxxxx> wrote:
> > > Hi Team,
> > >
> > > Upgraded samba from 4.7. to 4.9.3. After upgrade unable
> to mount nfsv4
> > > through krb5 security.
> > >
> > > smb.conf:
> > >
> > > [Global]
> > > available= yes
> > > restrict anonymous= 0
> > > Workgroup= VIKY
> > > netbios name= viky
> > > realm= VIKY.LOCAL
> > > password server= 192.168.1.10, *
> > > idmap backend= tdb
> > > idmap uid= 5000-9999999
> > > idmap gid= 5000-9999999
> > > idmap config *: backend= rid
> > > idmap config *: range= 10000000-19999999
> > > security= ADS
> > > name resolve order= wins host bcast lmhosts
> > > client use spnego= yes
> > > dns proxy= no
> > > winbind use default domain= no
> > > winbind nested groups= yes
> > > inherit acls= yes
> > > winbind enum users= yes
> > > winbind enum groups= yes
> > > winbind separator= \\
> > > winbind cache time= 300
> > > winbind offline logon= true
> > > template shell= /bin/sh
> > > kerberos method= secrets and keytab
> > > map to guest= Bad User
> > > host msdfs= yes
> > > strict allocate= no
> > > encrypt passwords= yes
> > > passdb backend= smbpasswd
> > > printcap name= lpstat
> > > printable= no
> > > load printers= yes
> > > max smbd processes= 500
> > > getwd cache= yes
> > > syslog= 0
> > > use sendfile= yes
> > > log level= 0
> > > max log size= 50
> > > unix extensions= no
> > > dos charset= ascii
> > > state directory= /mnt/system/samba/system
> > > cache directory= /tmp/samba/
> > > ntlm auth= Yes
> > > winbind expand groups= 1
> > >
> > > Thanks,
> > Several things, read 'man smb.conf' and:
> > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> > Remove 'passdb backend= smbpasswd', you will then be using
> the default
> > 'tdbsam' passdb backend.
> > Rowland
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
To unsubscribe from this list go to the following URL and read the