Hey all,
When I try to authenticate using Kerberos (or password), I get an access denied error on the client when running "smbclient -k -L fs01.svr.ipa.domain":
session setup failed: NT_STATUS_ACCESS_DENIED
And it tries to revert to local user lookup on the server:
[2020/03/20 02:47:32.669898, 3] ../auth/kerberos/gssapi_pac.c:123(gssapi_obtain_pac_blob)
gssapi_obtain_pac_blob: obtaining PAC via GSSAPI gss_get_name_attribute failed: The operation or option is not available or unsupported: No such file or directory
[2020/03/20 02:47:32.670131, 3] ../auth/gensec/gensec_util.c:55(gensec_generate_session_info_pac)
gensec_generate_session_info_pac: Unable to find PAC for mddeff@<IPA.DOMAIN>, resorting to local user lookup
------ Server Config -----
[global]
workgroup = SVR
realm = SVR.IPA.DOMAIN
dedicated keytab file = /etc/samba/samba.keytab
kerberos method = dedicated keytab
use kerberos keytab = true
log file = /var/log/samba/log.%m
log level = 3
security = ads
----------
Client:
Fedora 30
File Server:
CentOS 7.7, Samba 4.9.1, ipa-client 4.6.5
SELinux is enabled.
Any thoughts? Thanks in advance!
Regards,
Mike