I just noticed I wasn’t able to reach my Samba shares on NS7 anymore. After a short investigation I saw in NS7 Dashboard a red line with AccountProvider_Error_82
When i look at Domain Accounts I get the following:
NetBIOS domain name: INTERLIN
LDAP server: 192.168.10.6
LDAP server name: nsdc-ns7.ad.interlin.nl
Realm: AD.INTERLIN.NL
Bind Path: dc=AD,dc=INTERLIN,dc=NL
LDAP port: 389
Server time: Sun, 01 Apr 2018 18:10:38 CEST
KDC server: 192.168.10.6
Server time offset: 0
Last machine account password change: Fri, 04 Aug 2017 19:53:04 CEST
[root@server2 ~]# kinit -V admin
Using existing cache: persistent:0:0
Using principal: admin@AD.CMB.LOCAL
Password for admin@AD.CMB.LOCAL:
Authenticated to Kerberos v5
Found a thread here:
Unbind and reinstall AD may solve it as a last instance.
The first command works.
The second command fails:
[root@ns7 ~]# /usr/libexec/nethserver/list-users
kinit: Preauthentication failed while getting initial credentials
(82) GSSAPI Error (init): Unspecified GSS failure. Minor code may provide more information
Ticket expired
No idea how comes the ticket has expired? shouldn’t that be an automatic process for renewal? Frankly, I have no idea how the background process works…
This is the server where the AD container is attached to. Would I have a lot of trouble if I leave the domain and rejoin? Help?
I just tried it. I had to redo users/groups (could be exported/imported), passwords and domain member machines. I didn’t have ACLs and shares. I did it via web UI (uninstall and then install local AD again).
weird… cos users/groups are on the nsdc container right? So why the need for recreating users and groups?
I do have shares and can’t affort to lose those.
Leaving and re-joining didn’t work I had to reinstall the account provider and re-create all users and groups. The shares were still available. But that is not samba4 related I guess?
Still weird that the computer account for the server was corrupted in some way…