> Above when you said "it works" after trying "net ads join", did you mean just the join, or that samba started to authenticate domain users normally?
After additionally trying "net ads join" samba started to authenticate domain users normally. I can access a shared directory with a domain user without smb crash.

> check if "net ads join" creates another entry in the keytab file

Yes, "net ads join" additionally adds cifs/* entries in the keytab file. I'm asking sa...@lists.samba.org if an additional "net ads join" is necessary when joining to AD by realm and using sssd for authentication.

> After a lot of experimentation, I got my samba server, with "security = ads"
> but no winbind and no "net ads join" command, to authenticate an AD user
> using kerberos.
> What nailed it was to use setspn on the windows side to add cifs/<hostname>
> to the computer account, like this (for a "bionic-sssd" computer account):
>
> setspn -S cifs/bionic-sssd bionic-sssd

Same here! It is also working with adding SPN host/ instead of cifs/.
Is there any Linux tool that can rpc and create SPNs on the DC?

--
https://bugs.launchpad.net/bugs/1761737

Title:
  [bionic] samba PANIC, INTERNAL ERROR: Signal 11