Re: [Samba] AD authentication issue in Samba (kerberos errors)
- Date: Wed, 20 Mar 2019 11:26:07 +0000
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] AD authentication issue in Samba (kerberos errors)
On Wed, 20 Mar 2019 13:11:47 +0200
"linux.il" <linux.il@xxxxxxxxx> wrote:
> >> - There have been no configuration changes to the system
> >> (especially/notably smb.conf) in 3+ weeks
> >If this has just started happening, something must have changed.
> I guess, Kerberos key automatic renew (krb5.keytab).
That would be my guess as well.
> >Is winbind running ?
Then start it, you need it, from 4.8.0, Samba must have winbind running
when 'security' is set to 'ads'.
> >Please post your smb.conf
> This is my 'global' section:
> workgroup = EXAMPLE
> security = ads
> encrypt passwords = yes
> realm = EXAMPLE.COM
> passdb backend = tdbsam
Is that it ?
If we remove the default settings, it just becomes:
workgroup = EXAMPLE
security = ads
realm = EXAMPLE.COM
You need more and you do not need sssd
I would start by adding 'winbind refresh tickets = yes'
I wouldn't stop there.
To unsubscribe from this list go to the following URL and read the