2012-01-21 09:42 keltezéssel, steve írta: > Version 4.0.0alpha18-GIT-957ec28 with dns hh3.site realm SITE > After starting samba -i -d3, > wbinfo -i someuser > gives this: > > ldb_wrap open of secrets.ldb > using SPNEGO > Selected protocol [8][NT LANMAN 1.0] > Cannot reach a KDC we require to contact cifs/hh3.site@SITE : kinit > for HH3$@SITE failed (Cannot contact any KDC for requested realm) > SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_NO_LOGON_SERVERS > > > ldb_wrap open of secrets.ldb > schannel_fetch_session_key_tdb: restored schannel info key > SECRETS/SCHANNEL/HH3 > Cannot reach a KDC we require to contact host/hh3.site@SITE : kinit > for HH3$@SITE failed (Cannot contact any KDC for requested realm) > SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: > NT_STATUS_NO_LOGON_SERVERS > > wbinfo -u works fine and shows a list of users. Subsequent calls to > wbinfo do not produce this error. It only happens the first time after > samba is started. > > <dare not mention> > This may coincide with yesterday's bind 9 update from openSUSE > </dare not mention> > > This seems OK no? > Calling DNS name update script > Calling SPN name update script > Completed SPN update check OK > Completed DNS update check OK > > and all the dns and kinit test stuff on the wiki checks out too. > > Any ideas? > Thanks, > Steve Glad you have mentioned bind, in my experience 90% of kerberos related problems were caused by failure to look up names. On my test system (I haven't used Samba4 in production yet) I use bind9.8 with thedlz backend. After I restart samab4 I have to restart bind9 as well, because otherwise there is no name resolution possible.
Hope that helps Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
