Re: [Samba] AD authentication issue in Samba (kerberos errors)
- Date: Wed, 20 Mar 2019 11:03:15 +0000
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] AD authentication issue in Samba (kerberos errors)
On Wed, 20 Mar 2019 12:27:09 +0200
"linux.il via samba" <samba@xxxxxxxxxxxxxxx> wrote:
> I have CENTOS7 box with Samba 4.8.3-4 and SSSD 1.16.2-13,
> authentication against MS Win domain.
We don't actually support using a Samba Unix domain member with SSSD,
mainly because SSSD isn't a Samba product.
> - Recently, Active Directory authentication stopped working within
> - Users who try to connect to reach the point of being prompted for AD
> credentials; failures happen afterward.
> - All flavors of client OS are affected: Windows, Mac and Linux (via
> - There have been no configuration changes to the system
> (especially/notably smb.conf) in 3+ weeks
If this has just started happening, something must have changed.
> - AD and SSSD continue to work fine within the operating system
> itself (SSH to the server works, can query AD for group information
> via ‘getent group GROUP’, etc.).
Is winbind running ?
> I do see some Kerberos errors into Samba logs:
> [2019/03/20 09:43:48.594230, 0]
> kerberos_kinit_password LINUX$@EXAMPLE.COM failed: Preauthentication
> As far as I see from forum suggestions, linux box re-join to the
> domain should fix this issue, but I'm really don't like such manual
Please post your smb.conf
To unsubscribe from this list go to the following URL and read the