Created attachment 12781 [details] Level 10 debug log file Problem description: In an Active Directory, connections to Samba domain members fail if they have an "includedir" statement in the /etc/krb5.conf file. Steps to reproduce: 1. Add the following line to /etc/krb5.conf: includedir /etc/krb5.conf.d/ Alternatively, update from CentOS 7.2 to 7.3. The krb5-workstation-1.14.1-27 package shipped with 7.3 adds the "includedir" statement. 2. Restart Samba. 3. Connect from Windows to a share on the Samba domain member or to \\host_name\. Actual results: Connections to the domain member fail and Samba logs the following errors: [2016/12/29 19:32:48.400895, 3, pid=21622, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_UNSUCCESSFUL] || at ../source3/smbd/smb2_sesssetup.c:134 [2016/12/29 19:32:48.400904, 10, pid=21622, effective(0, 0), real(0, 0)] ../source3/smbd/smb2_server.c:2988(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_UNSUCCESSFUL] body[8] dyn[yes:1] at ../source3/smbd/smb2_server.c:3145 Expected results: Connections to the domain member should succeed. Additional information: CentOS 7.3 (krb5-workstation-1.14.1-27) adds the following line to the /etc/krb5.conf file: includedir /etc/krb5.conf.d/ Users updating their AD domain member servers to 7.3, are no longer able to connect to shares until they remove the config entry. Workaround: Remove the "includedir" statement from /etc/krb5.conf. No smbd restart is required.
Created attachment 12782 [details] smb.conf
Created attachment 12783 [details] krb5.conf The attached krb5.conf file is the one provided by CentOS 7.3 from my test system. It is the same as on 7.2. The only difference is, that the one shipped with 7.3 (provided by krb5-workstation-1.14.1-26) contains the "includedir" statement.
Created attachment 12784 [details] Screenshot Windows
We have handled this issue in an other bug report: https://bugzilla.samba.org/show_bug.cgi?id=11573 Marking this as duplicate. Björn *** This bug has been marked as a duplicate of bug 11573 ***