Web lists-archives.com

Re: [Samba] AD authentication issue in Samba (kerberos errors)




On Wed, 20 Mar 2019 13:11:47 +0200
"linux.il" <linux.il@xxxxxxxxx> wrote:

> >> - There have been no configuration changes to the system
> >> (especially/notably smb.conf) in 3+ weeks  
> >If this has just started happening, something must have changed.  
> I guess, Kerberos key automatic renew (krb5.keytab).

That would be my guess as well.

> 
> >Is winbind running ?  
> No

Then start it, you need it, from 4.8.0, Samba must have winbind running
when 'security' is set to 'ads'.

> 
> >Please post your smb.conf  
> This is my 'global' section:
> 
>        workgroup = EXAMPLE
>         security = ads
>         encrypt passwords = yes
>         realm =  EXAMPLE.COM
>         passdb backend = tdbsam
> 

Is that it ?

If we remove the default settings, it just becomes:

       workgroup = EXAMPLE
       security = ads
       realm =  EXAMPLE.COM

You need more and you do not need sssd

I would start by adding 'winbind refresh tickets = yes'
I wouldn't stop there.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba