On Mon, 2012-01-23 at 09:58 +1000, Peter Tan wrote:
> Hi Simo,
>
> Thanks for your email. (It is good to get some reassurances I am on the right
> track...:)
>
> "My preferred one is to join the cluster to the domain with the public name
> (clusterpub) in your case, and share the keytab between the 2 nodes. They are
> logically a single server and need to share the same credentials."
>
> This is how I have set it up (as per samba ctdb wiki documentation) using
> "clusterpub" but it just refuses to let me map "\\clusterpub\share" on my
> windows client. I can hit the individual node's share using IP:
> \\10.101.4.16\share & \\10.101.4.17\share and these work fine (which is
> really working as per your option two).
>
> As given before, incredibly I am able to successfully connect to
> \\clusterpub\share using smbclient from one of the linux nodes using my
> window domain login. I am confident winbind is working ok.
>
> It looks like Kerberos is having a problem. When trying to map from windows I
> get the following error in /var/log/messages (on the node that dns happens to
> send me to): "krb5_rd_req failed (Key table entry not found)".
>
> # klist -ke
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
> ---- --------------------------------------------------------------------------
> 2 host/clusterpub.mydomain...@mydomain.au (DES cbc mode with CRC-32)
> 2 host/clusterpub. mydomain.au @ MYDOMAIN.AU (DES cbc mode with RSA-MD5)
> 2 host/clusterpub. mydomain.au @ MYDOMAIN.AU (ArcFour with HMAC/md5)
> 2 host/clusterpub@ MYDOMAIN.AU (DES cbc mode with CRC-32)
> 2 host/clusterpub@ MYDOMAIN.AU (DES cbc mode with RSA-MD5)
> 2 host/clusterpub@ MYDOMAIN.AU (ArcFour with HMAC/md5)
> 2 CLUSTERPUB$@ MYDOMAIN.AU (DES cbc mode with CRC-32)
> 2 CLUSTERPUB$@ MYDOMAIN.AU (DES cbc mode with RSA-MD5)
> 2 CLUSTERPUB$@ MYDOMAIN.AU (ArcFour with HMAC/md5)

I think you are missing keys for cifs/fqdn@REALM

Simo.

--
Simo Sorce
Samba Team GPL Compliance Officer <s...@samba.org>
Principal Software Engineer at Red Hat, Inc. <s...@redhat.com>
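
Added example (not part of the original thread, and not Samba's own code): a small Python check that parses `klist -ke` output and lists which service principals for the cluster name are absent from the keytab, which is the gap Simo points to for the "Key table entry not found" error. The hostname, realm and sample listing are constructed placeholders, and checking both the FQDN and the short name is an assumption of this example.

```python
import re

# Constructed sample modelled on the `klist -ke` listing quoted above
# (hostname and realm are placeholders, not values from the thread).
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 host/clusterpub.example.com@EXAMPLE.COM (DES cbc mode with CRC-32)
   2 host/clusterpub.example.com@EXAMPLE.COM (ArcFour with HMAC/md5)
   2 host/clusterpub@EXAMPLE.COM (ArcFour with HMAC/md5)
   2 CLUSTERPUB$@EXAMPLE.COM (ArcFour with HMAC/md5)
"""

# One keytab entry per line: "<kvno> <name>@<REALM> (<enctype>)"
ENTRY = re.compile(r"^\s*(\d+)\s+(\S+)@(\S+)\s+\((.+)\)\s*$")


def parse_keytab(listing):
    """Map 'name@REALM' -> set of (kvno, enctype) from `klist -ke` text."""
    entries = {}
    for line in listing.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, separator or blank line
        kvno, name, realm, enctype = m.groups()
        # Names are compared case-insensitively here (assumption: AD-style matching).
        key = f"{name.lower()}@{realm.upper()}"
        entries.setdefault(key, set()).add((int(kvno), enctype))
    return entries


def missing_principals(listing, fqdn, realm, services=("host", "cifs")):
    """Return service principals for this server name that the keytab lacks."""
    have = parse_keytab(listing)
    short = fqdn.split(".", 1)[0]
    wanted = [f"{svc}/{host.lower()}@{realm.upper()}"
              for svc in services for host in (fqdn, short)]
    return [p for p in wanted if p not in have]


if __name__ == "__main__":
    for p in missing_principals(SAMPLE_KLIST, "clusterpub.example.com", "EXAMPLE.COM"):
        print("missing from keytab:", p)
```

On a cluster node, feed it the real output of `klist -ke` and the public cluster name; every node sharing the keytab should report the same result.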