Hi Everybody, We are working on samba 3.0.2a with sun kerberos SEAM and Netscape iDirectory Server support. We are able to integrate samba with ldap support. we tried integrater kerberos for authentication. We found a solution using pam via pam_krb5 module provided by the sun solaris 8. One important fact we found out using samba pam authentication, it directly calls for an account management function instead of an authentication function. Please refer pam_smb_accountcheck function () in pampass.c in source/auth . We have included options like obey pam instructions and pam password change to be positive in smb.conf and we have included information about samba service in the pam configuration file. we have included information about pam in the krb5.conf of kerberos. I have also set the encrypt password to be positive in smb.conf file. I am able to get a solaris machine getting authenticated by the kerberos server.The problem is when i try to join a Win xp computer to the samba server . I get access denied error. when i check the samba logs, i could find the samba sam authentication succeded but when the pam authentication takes place , It says authentication failed , User rejected etc., I could not find any information about samba server contacting in the kerberose server logs. SAMBA server is not contacting the KERBEROS server for authentication. Please any suggestions is appreciated. I could send the configuration of samba and pam and kerberos if the information is not sufficient. eccsamba __________________________________ Do you Yahoo!? Yahoo! Small Business $15K Web Design Giveaway http://promotions.yahoo.com/design_giveaway/
thats not a good option as the password for the kerberos user must be passed in CLEARTEXT for the pam_krb5 module to work for samba auth. I don't think you can even tell XP to do that. On Tue, 2004-04-06 at 01:23, aarumuga arumugam wrote:> Hi Everybody, > We are working on samba 3.0.2a with sun > kerberos SEAM and Netscape iDirectory Server support. > We are able to integrate samba with ldap support. we > tried integrater kerberos for authentication. We found > a solution using pam via pam_krb5 module provided by > the sun solaris 8. > > One important fact we found out using samba pam > authentication, it directly calls for an account > management function instead of an authentication > function. Please refer pam_smb_accountcheck function > () in pampass.c in source/auth . > > We have included options like obey pam instructions > and pam password change to be positive in smb.conf > and we have included information about samba service > in the pam configuration file. we have included > information about pam in the krb5.conf of kerberos. I > have also set the encrypt password to be positive in > smb.conf file. > > I am able to get a solaris machine getting > authenticated by the kerberos server.The problem is > when i try to join a Win xp computer to the samba > server . I get access denied error. when i check the > samba logs, i could find the samba sam authentication > succeded but when the pam authentication takes place , > It says authentication failed , User rejected etc., > > I could not find any information about samba server > contacting in the kerberose server logs. > SAMBA server is not contacting the KERBEROS server for > authentication. > Please any suggestions is appreciated. I could send > the configuration of samba and pam and kerberos if the > information is not sufficient. > > eccsamba > > __________________________________ > Do you Yahoo!? > Yahoo! Small Business $15K Web Design Giveaway > http://promotions.yahoo.com/design_giveaway/
Edward W. Ray
2004-Apr-06 22:24 UTC
[Samba] Help for the Kerberos challenged in the audience
I am running Samba v3.0.2a on a fully patched Red Hat Linux 9 machine. Nmbd, smbd and winbindd are all running. I am trying to authenticate to a Windows 2003 native AD domain. I received the following error: net ads join -U root%password [2004/04/06 15:11:10, 0] libads/kerberos.c:ads_kinit_password(133) kerberos_kinit_password root@MMICMANHOMENET.LOCAL failed: Decrypt integrity check failed If someone could point me to the solution to this problem, it would be appreciated. Thanks in advance. Edward W. Ray
Brett Stevens
2004-Apr-13 23:41 UTC
[Samba] Help for the Kerberos challenged in the audience
Can you post your configs, SMB.conf and krb5.conf thanks> From: "Edward W. Ray" <ewray@mmicman.com> > Organization: MMICMAN, LLC > Reply-To: ewray@mmicman.com > Date: Tue, 6 Apr 2004 15:24:20 -0700 > To: <samba@lists.samba.org> > Subject: [Samba] Help for the Kerberos challenged in the audience > > I am running Samba v3.0.2a on a fully patched Red Hat Linux 9 machine. > Nmbd, smbd and winbindd are all running. I am trying to authenticate to a > Windows 2003 native AD domain. > > I received the following error: > > net ads join -U root%password > [2004/04/06 15:11:10, 0] libads/kerberos.c:ads_kinit_password(133) > kerberos_kinit_password root@MMICMANHOMENET.LOCAL failed: Decrypt > integrity check failed > > If someone could point me to the solution to this problem, it would be > appreciated. > > Thanks in advance. > > Edward W. Ray > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >