I have 6 Ubuntu 14.04 servers that are joined to Active Directory (2003 domain functional level, 2008 R2 schema).
All of the servers work fine when the network interface is configured to use DHCP.
But the networks these servers will be located on when they go live don't have any DHCP servers, so they HAVE to use a static IP config.
I'm using the following PAM config for auth:
auth sufficient pam_winbind.so
auth sufficient pam_unix.so nullok_secure use_first_pass
auth required pam_deny.so
/etc/krb5.conf
[realms]
MYDOMAIN.COM = {
}
[domain_realm]
.mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM
and my /etc/samba/smb.conf:
[global]
security = ads
realm = MYDOMAIN.COM
workgroup = MYDOMAIN
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
winbind use default domain = yes
restrict anonymous = 2
All of this worked fine when the servers were configured to use DHCP, but now with static IPs it no longer works.
I'm no Linux expert, but I can't even request a Kerberos ticket with
kinit administrator@MYDOMAIN.COM
I get an error saying that it can't locate any KDC, but if I try to specify the KDC in the krb5.conf file I get the following error:
kinit kdc reply did not match expectations while getting initial credentials
Just leave a comment if you need any more information I may have left out (as mentioned earlier, no Linux expert). 🙂
Best Answer
Add proper forward and reverse entries to the Windows domain DNS for all the servers, as Kerberos requires them. It's likely that until now the domain DHCP server did this automatically; now it doesn't happen because there is no DHCP.
Also make sure /etc/resolv.conf only lists Windows domain DNS servers.
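As an added troubleshooting example (not from the original question or answer), the script below checks the three prerequisites the answer relies on for a static-IP host: that resolv.conf lists only domain DNS servers, that the host's A and PTR records agree, and that the `_kerberos._tcp.<REALM>` SRV record kinit uses for KDC discovery exists. The host name srv1.mydomain.com, the 192.0.2.x addresses and all function names are placeholders I chose; the live lookups assume `dig` (dnsutils) is installed.

```python
"""Pre-flight DNS checks for a static-IP Ubuntu host in an AD realm (added example, not
from the original post). check_*/parse_* take text so they run offline; live_* do lookups."""
import socket
import subprocess

def nameservers(resolv_text):
    """Nameserver IPs listed in /etc/resolv.conf-style text."""
    return [p[1] for p in (ln.split() for ln in resolv_text.splitlines())
            if len(p) >= 2 and p[0] == "nameserver"]

def foreign_nameservers(resolv_text, domain_dns):
    """Resolvers that are not Windows domain DNS servers; the answer says there must be none."""
    return [ns for ns in nameservers(resolv_text) if ns not in set(domain_dns)]

def check_host_records(fqdn, ip, forward_ips, reverse_names):
    """A and PTR data must agree, or the host's Kerberos principal cannot be validated."""
    problems = []
    if ip not in forward_ips:
        problems.append(f"A record for {fqdn} does not resolve to {ip}: {forward_ips}")
    if not any(n.rstrip(".").lower() == fqdn.lower() for n in reverse_names):
        problems.append(f"PTR for {ip} does not name {fqdn}: {reverse_names}")
    return problems

def parse_srv(dig_short_output):
    """Parse `dig +short SRV` lines ('prio weight port target.') into tuples sorted by
    priority, then descending weight. An empty result means kinit cannot find a KDC."""
    recs = []
    for ln in dig_short_output.splitlines():
        fld = ln.split()
        if len(fld) == 4 and fld[0].isdigit():
            recs.append((int(fld[0]), int(fld[1]), int(fld[2]), fld[3].rstrip(".")))
    return sorted(recs, key=lambda r: (r[0], -r[1]))

def live_forward(fqdn):  # A records for the host, via the system resolver
    return sorted({ai[4][0] for ai in socket.getaddrinfo(fqdn, None, socket.AF_INET)})

def live_reverse(ip):  # PTR name plus aliases
    name, aliases, _ = socket.gethostbyaddr(ip)
    return [name] + aliases

def live_kdcs(realm):  # KDC discovery record kinit uses when no kdc= is configured
    out = subprocess.run(["dig", "+short", "SRV", f"_kerberos._tcp.{realm}"],
                         capture_output=True, text=True, check=False).stdout
    return parse_srv(out)

if __name__ == "__main__":
    # Placeholders: replace with this host's FQDN, static IP, realm and domain DNS servers.
    fqdn, ip, realm, dns = "srv1.mydomain.com", "192.0.2.10", "MYDOMAIN.COM", ["192.0.2.1"]
    print("foreign resolvers:", foreign_nameservers(open("/etc/resolv.conf").read(), dns))
    print("host record problems:", check_host_records(fqdn, ip, live_forward(fqdn), live_reverse(ip)))
    print("KDC SRV records:", live_kdcs(realm))
```

Any non-empty "foreign resolvers" or "host record problems" output, or an empty SRV list, points at the DNS side rather than at the PAM, krb5.conf or smb.conf settings shown above.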