On 8 March 2017 at 16:07, John Beranek <[email protected]> wrote:
> On 8 March 2017 at 14:59, Sumit Bose <[email protected]> wrote:
>> On Wed, Mar 08, 2017 at 02:09:09PM +0000, John Beranek wrote:
>>> On 8 March 2017 at 13:40, Mote, Todd <[email protected]> wrote:
>>> > Does on my rhel 6 boxes.  I'm not in front of a computer at the moment, but
>>> > there is a log where you can see it.  Sssd_domain.log I think. I'll look
>>> > when I get to work and let you know.  Might search the list archive too. I'm
>>> > pretty sure I asked about it when adcli was still in the .7’s.
>>>
>>> Hmm, just reading a list thread from September 2016 where it's
>>> suggested that adcli doesn't get on well with Samba, entitled "samba
>>> 4.2.11, 4.2.14 and sssd?" http://bit.ly/2n60x4r
>>>
>>> I wonder if having adcli installed, but using "net ads join" to join
>>> the domain is still troublesome...
>>
>> Maybe adcli does not lead to the expected result because you use
>> 'kerberos method = secrets and keytab'. adcli can only update the keytab
>> but not the host password stored in Samba's secrets.tdb. So chances are
>> that even if the keys in the keytab are updated Samba will still use the
>> old one from secrets.tdb. Have you tried to use 'kerberos method =
>> system keytab'?
>
> Thanks Sumit, no change with just the config change, would I need to
> clear out the Samba database after the change?

Getting the following, which may answer that question:

[2017/03/08 16:04:56.947025,  0] libads/kerberos_util.c:101(ads_kinit_password)
  kerberos_kinit_password [email protected] failed: Preauthentication failed
[2017/03/08 16:04:56.947192,  3] printing/nt_printing_ads.c:639(check_published_printers)
  ads_connect failed: Preauthentication failed

John

-- 
John Beranek                         To generalise is to be an idiot.
http://redux.org.uk/                                 -- William Blake
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
