Bill Bradford
2004-Dec-02 23:44 UTC
[Samba] Problem authenticating against Active Directory (samba 3.0.9 / fedora core 3)
I've spent all day on this, and I can't, for the life of me, get Samba 3.0.9 (updated RPM for Fedora Core 3) to authenticate properly against Active Directory.

(I've edited out the actual domain name, username, etc)

I've synced up time (to within a half-second) with the domain controller.

Kerberos works:

[root@printshop samba]# kinit username@AD.DOMAIN.COM
Password for username@AD.DOMAIN.COM:

Joining the domain works:

[root@printshop samba]# net ads join -U 'username%password'
[2004/12/02 17:29:26, 0] libads/ldap.c:ads_add_machine_acct(1474)
  Warning: ads_set_machine_sd: Unexpected information received
Using short domain name -- AD
Joined 'PRINTSHOP' to realm 'AD.DOMAIN.COM'

but then I can't get a list of shares:

[root@printshop samba]# smbclient -L localhost -U username
Password:
session setup failed: NT_STATUS_LOGON_FAILURE

Here's my /etc/krb5.conf:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = AD.DOMAIN.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
 AD.DOMAIN.COM = {
  kdc = DC01.AD.DOMAIN.COM:88
  admin_server = dc01.ad.domain.com:749
  default_domain = ad.domain.com
 }

[domain_realms]
 .domain.com = .DOMAIN.COM
 domain.com = DOMAIN.COM

[appdefaults]
 pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
 }

Here's my /etc/samba/smb.conf:

[global]
 realm = AD.DOMAIN.COM
 workgroup = AD
 password server = dc01.ad.domain.com
 security = ADS
 encrypt passwords = yes
 server string = Print Server
 load printers = yes
 printing = cups
 cups options = raw
 log file = /var/log/samba/%m.log
 max log size = 50
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

[printers]
 comment = All Printers
 path = /var/spool/samba
 browseable = yes
 guest ok = yes
 writable = no
 printable = yes
 public = yes

(yes, the only thing I'm trying to share is printers)

In the logfiles, I'm seeing a ton of this:

[2004/12/02 16:32:59, 0] auth/auth_util.c:make_server_info_info3(1134)
  make_server_info_info3: pdb_init_sam failed!
[2004/12/02 16:45:39, 0] auth/auth_util.c:make_server_info_info3(1134)
  make_server_info_info3: pdb_init_sam failed!
[2004/12/02 16:57:20, 0] auth/auth_util.c:make_server_info_info3(1134)
  make_server_info_info3: pdb_init_sam failed!
[2004/12/02 17:33:51, 0] auth/auth_util.c:make_server_info_info3(1134)
  make_server_info_info3: pdb_init_sam failed!

The same username/password works fine authenticating directly against the DC.

Any suggestions? I've been working on this literally all day, and all I want to do is share three printers with our Windows users..

Thanks.

Bill