@davidep The copy command you posted didn’t change the etc/krb5.conf even after allowing overwrite and running the samba restart. I tried it a couple of times, I verified the content of the file to be copied contained the correct domain.
Then I went ahead and tried an update which was successful, meaning clients could browse shares and no error banner on the dashboard;
Nov 07 17:50:23 Updated: nethserver-base-3.1.1-1.ns7.noarch
Nov 07 17:50:25 Updated: 1:grub2-common-2.02-0.65.el7.centos.2.noarch
Nov 07 17:50:25 Installed: 1:grub2-tools-minimal-2.02-0.65.el7.centos.2.x86_64
Nov 07 17:50:26 Installed: 1:grub2-tools-2.02-0.65.el7.centos.2.x86_64
Nov 07 17:50:27 Updated: nethserver-mysql-1.1.3-1.ns7.noarch
Nov 07 17:50:27 Updated: nethserver-sssd-1.3.2-1.ns7.noarch
Nov 07 17:50:28 Installed: 1:grub2-tools-extra-2.02-0.65.el7.centos.2.x86_64
Nov 07 17:50:29 Updated: 1:grub2-pc-modules-2.02-0.65.el7.centos.2.noarch
Nov 07 17:50:30 Updated: 1:grub2-pc-2.02-0.65.el7.centos.2.x86_64
Nov 07 17:50:31 Updated: kernel-tools-libs-3.10.0-693.5.2.el7.x86_64
Nov 07 17:52:19 Updated: nextcloud-12.0.3-1.el7.noarch
Nov 07 17:52:21 Updated: python2-acme-0.19.0-1.el7.noarch
Nov 07 17:52:26 Updated: python2-certbot-0.19.0-1.el7.noarch
Nov 07 17:52:35 Updated: certbot-0.19.0-1.el7.noarch
Nov 07 17:52:35 Updated: nethserver-nextcloud-1.1.8-1.ns7.noarch
Nov 07 17:52:37 Updated: kernel-tools-3.10.0-693.5.2.el7.x86_64
Nov 07 17:52:37 Installed: 1:grub2-2.02-0.65.el7.centos.2.x86_64
Nov 07 17:52:38 Updated: nethserver-dc-1.3.1-1.ns7.x86_64
Nov 07 17:52:38 Updated: nethserver-samba-audit-1.1.3-1.ns7.noarch
Nov 07 17:52:39 Updated: nethserver-firewall-base-3.2.7-1.ns7.noarch
Nov 07 17:52:39 Updated: nethserver-duc-1.4.3-1.ns7.noarch
Nov 07 17:52:40 Updated: nethserver-release-7-5.ns7.noarch
Nov 07 17:52:40 Updated: python2-keyring-5.0-3.el7.noarch
Nov 07 17:52:41 Updated: python-perf-3.10.0-693.5.2.el7.x86_64
Nov 07 17:52:44 Updated: tzdata-2017c-1.el7.noarch
Nov 07 17:52:45 Updated: wget-1.14-15.el7_4.1.x86_64
Nov 07 17:52:45 Updated: epel-release-7-11.noarch
Nov 07 17:53:17 Installed: kernel-3.10.0-693.5.2.el7.x86_64
Nov 07 17:53:17 Updated: nethserver-lang-en-1.2.3-1.ns7.noarch
Nov 07 17:53:28 Erased: 1:grub2-tools-efi-2.02-0.64.el7.centos.x86_64
this error was in messages;
Nov 7 18:09:32 server7c sssd: ; TSIG error with server: tsig verify failure
Nov 7 18:09:32 server7c sssd: update failed: SERVFAIL
Nov 7 18:09:32 server7c sssd: ; TSIG error with server: tsig verify failure
Nov 7 18:09:32 server7c sssd: update failed: SERVFAIL
Nov 7 18:09:32 server7c sssd: ; TSIG error with server: tsig verify failure
Nov 7 18:09:32 server7c sssd: update failed: SERVFAIL
Nov 7 18:09:32 server7c sssd: ; TSIG error with server: tsig verify failure
Nov 7 18:09:32 server7c sssd: update failed: SERVFAIL
Nov 7 18:09:32 server7c sssd: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
Nov 7 18:09:32 server7c sssd: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
Nov 7 18:09:32 server7c sssd: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
rebooted to shapshot for the container update but when I went to the accounts provider page there was no option to reboot and the samba ver 4.6.8, I know you guys stated you were going to set the container to auto update after the last updates;
but, post reboot I get this… a long list of rrd errors… but I still have successful share auth and nextcloud works.
Nov 7 18:18:01 server7c sssd: ; TSIG error with server: tsig verify failure
Nov 7 18:18:01 server7c sssd: update failed: SERVFAIL
Nov 7 18:18:01 server7c sssd: ; TSIG error with server: tsig verify failure
Nov 7 18:18:01 server7c sssd: update failed: SERVFAIL
Nov 7 18:18:02 server7c sssd: ; TSIG error with server: tsig verify failure
Nov 7 18:18:02 server7c sssd: update failed: SERVFAIL
Nov 7 18:18:02 server7c sssd: ; TSIG error with server: tsig verify failure
Nov 7 18:18:02 server7c sssd: update failed: SERVFAIL
Nov 7 18:18:02 server7c sssd: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
Nov 7 18:18:02 server7c sssd: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
Nov 7 18:18:02 server7c sssd: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
Nov 7 18:18:03 server7c collectd[993]: rrdtool plugin: rrd_update_r (/var/lib/collectd/rrd/server7c.mydomain.com/memory/memory-used.rrd) failed: /var/lib/collectd/rrd/server7c.mydomain.com/memory/memory-used.rrd: illegal attempt to update using time 1510103793 when last update time is 1510103793 (minimum one second step)
Nov 7 18:18:03 server7c collectd[993]: rrdtool plugin: rrd_update_r (/var/lib/collectd/rrd/server7c.mydomain.com/memory/memory-buffered.rrd) failed: /var/lib/collectd/rrd/server7c.mydomain.com/memory/memory-buffered.rrd: illegal attempt to update using time 1510103793 when last update time is 1510103793 (minimum one second step)
Nov 7 18:18:03 server7c collectd[993]: rrdtool plugin: rrd_update_r (/var/lib/collectd/rrd/server7c.mydomain.com/memory/memory-cached.rrd) failed: /var/lib/collectd/rrd/server7c.mydomain.com/memory/memory-cached.rrd: illegal attempt to update using time 1510103793 when last update time is 1510103793 (minimum one second step)
Nov 7 18:18:03 server7c collectd[993]: rrdtool plugin: rrd_update_r (/var/lib/collectd/rrd/server7c.mydomain.com/memory/memory-free.rrd) failed: /var/lib/collectd/rrd/server7c.mydomain.com/memory/memory-free.rrd: illegal attempt to update using time 1510103793 when last update time is 1510103793 (minimum one second step)
Nov 7 18:18:03 server7c collectd[993]: rrdtool plugin: rrd_update_r (/var/lib/collectd/rrd/server7c.mydomain.com/memory/memory-slab_unrecl.rrd) failed: /var/lib/collectd/rrd/server7c.mydomain.com/memory/memory-slab_unrecl.rrd: illegal attempt to update using time 1510103793 when last update time is 1510103793 (minimum one second step)
Nov 7 18:18:03 server7c collectd[993]: rrdtool plugin: rrd_update_r (/var/lib/collectd/rrd/server7c.mydomain.com/memory/memory-slab_recl.rrd) failed: /var/lib/collectd/rrd/server7c.mydomain.com/memory/memory-slab_recl.rrd: illegal attempt to update using time 1510103793 when last update time is 1510103793 (minimum one second step)
Now what? This is that problematic production server.
And… after all this… the /etc/krb5.conf is still the same as I originally posted… it does not have the domain written in it.
from the gui, the domain accounts page looks good, the accounts provider page looks right and there are no error banners on the dashboard, shares are accessible by domain\user and the nextcloud client connects fine. I’m still scared though.