On 22/01/12 10:19, Gémes Géza wrote:
2012-01-21 09:42 keltezéssel, steve írta:
Version 4.0.0alpha18-GIT-957ec28 with dns hh3.site realm SITE
After starting samba -i -d3,
wbinfo -i someuser
gives this:
ldb_wrap open of secrets.ldb
using SPNEGO
Selected protocol [8][NT LANMAN 1.0]
Cannot reach a KDC we require to contact cifs/hh3.site@SITE : kinit
for HH3$@SITE failed (Cannot contact any KDC for requested realm)
SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_NO_LOGON_SERVERS
ldb_wrap open of secrets.ldb
schannel_fetch_session_key_tdb: restored schannel info key
SECRETS/SCHANNEL/HH3
Cannot reach a KDC we require to contact host/hh3.site@SITE : kinit
for HH3$@SITE failed (Cannot contact any KDC for requested realm)
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed:
NT_STATUS_NO_LOGON_SERVERS
wbinfo -u works fine and shows a list of users. Subsequent calls to
wbinfo do not produce this error. It only happens the first time after
samba is started.
<dare not mention>
This may coincide with yesterday's bind 9 update from openSUSE
</dare not mention>
This seems OK no?
Calling DNS name update script
Calling SPN name update script
Completed SPN update check OK
Completed DNS update check OK
and all the dns and kinit test stuff on the wiki checks out too.
Any ideas?
Thanks,
Steve
Glad you have mentioned bind, in my experience 90% of kerberos related
problems were caused by failure to look up names. On my test system (I
haven't used Samba4 in production yet) I use bind9.8 with thedlz
backend. After I restart samab4 I have to restart bind9 as well, because
otherwise there is no name resolution possible.
Hope that helps
Geza
Yes. That was it. named doesn't survive a samba restart here either.
openSUSE 12.1
rpm -q bind
bind-9.8.1P1-87.1.i586
Thanks
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
