Kerberos: Principal may not act as server ERROR
in [Samba]
|
From: Aggarwal, Ajay on 2 Aug 2010 10:00 Just bumping up to see if anyone else has seen this issue. Also noticed following errors in samba log. Wonder if these are related? Failed to modify SPNs on CN=NODE1-LIME,CN=Computers,DC=sambalime,DC=stratus,DC=com: error in module acl: insufficient access rights (50) ldb_wrap open of sam.ldb Failed to modify SPNs on CN=NODE1-LIME,CN=Computers,DC=sambalime,DC=stratus,DC=com: error in module acl: insufficient access rights (50) added interface ip=10.90.0.71 nmask=255.255.255.0 ldb_wrap open of sam.ldb Failed to modify SPNs on CN=NODE1-LIME,CN=Computers,DC=sambalime,DC=stratus,DC=com: error in module acl: insufficient access rights (50) ldb_wrap open of sam.ldb Failed to modify SPNs on CN=NODE1-LIME,CN=Computers,DC=sambalime,DC=stratus,DC=com: error in module acl: insufficient access rights (50) added interface ip=10.90.0.71 nmask=255.255.255.0 ldb_wrap open of sam.ldb Failed to modify SPNs on CN=NODE1-LIME,CN=Computers,DC=sambalime,DC=stratus,DC=com: error in module acl: insufficient access rights (50) ipv4:10.90.0.88:49232 closed connection to service IPC$ -Ajay -----Original Message----- From: samba-bounces(a)lists.samba.org [mailto:samba-bounces(a)lists.samba.org] On Behalf Of Aggarwal, Ajay Sent: Thursday, July 29, 2010 12:55 PM To: samba(a)lists.samba.org Subject: [Samba] Kerberos: Principal may not act as server ERROR Our environment: samba4 (alpha12) running on centos 5.4. We are experimenting with Hyper-V 2008 R2 Failover Clustering, which requires Active Directory. We are trying to see if samba-4 will work as the AD server. We are trying to create 2 node failover cluster. Both nodes have joined the domain successfully (with samba-4 as the DC). But subsequent steps of creating the "Failover Cluster" are failing and we see following error in samba log Kerberos: TGS-REQ administrator(a)SAMBALIME.STRATUS.COM from ipv4:10.90.0.87:49614 for Administrator(a)SAMBALIME.STRATUS.COM [canonicalize, renewable, forwardable] Kerberos: Principal may not act as server -- Administrator(a)SAMBALIME.STRATUS.COM Kerberos: Failed building TGS-REP to ipv4:10.90.0.87:49614 Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] Is something wrong with our configuration (smb.conf)? -Ajay -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Pages: 1 Prev: HOWTO centOS 5.5 samba4 dns dynamic update/Replication Next: Samba4 Replication Policies |