http://bugzilla.opensuse.org/show_bug.cgi?id=1092099
http://bugzilla.opensuse.org/show_bug.cgi?id=1092099#c8
--- Comment #8 from Satoru Matsumoto
looks like we need to update the shipped apparmor profiles. These are the missing entries:
/etc/apparmor.d/usr.sbin.smbd: ... /usr/lib*/samba/auth/*.so mr, /usr/lib*/samba/gensec/*.so mr, ...
/etc/apparmor.d/usr.sbin.winbindd: ... /run/user/*/krb5cc/* rwk, ...
Then reload apparmor with 'rcapparmor reload' and restart samba with 'rcsamba-ad-dc restart' to refresh the shares profile "/etc/apparmor.d/local/usr.sbin.smbd-shares"
This had no effect on this case. And /etc/apparmor.d/local/usr.sbin.smbd-shares isn't refreshed (still empty). Even if I stop apparmor with "rcapparmor stop", the problem cannot be solved.
About the kinit error "Cannot contact any KDC for realm 'TAD24.MYCOMPANY.CO.JP' while getting initial credentials", check your primary resolver is 127.0.0.1 in /etc/resolv.conf.
There's a little bit progress on this. The resolver has been correct. I added entry below to /etc/krb5.conf : ... [realms] TAD24.MYCOMPANY.CO.JP = { kdc = taddc24.tad24.mycompany.co.jp admin_server = taddc24.tad24.mycompany.co.jp } ... After that, the result of kinit and klist has been changed. # kinit Administrator@TAD24.MYCOMPANY.CO.JP kinit: Credential cache directory /run/user/0/krb5cc does not exist while getting default ccache # klist klist: Credential cache directory /run/user/0/krb5cc does not exist while getting default ccache -- You are receiving this mail because: You are on the CC list for the bug.