Sanjay Sane
2003-Dec-04 01:57 UTC
[Samba] Help !! -- Win2k Active Directory, Kerberos, Samba 3
Environment:
redhat, Linux 2.4.7
Samba Version 3.0.0
MIT Kerberos 5
Win2k SP2, running Active Directory.

Steps done:
1. net ads join -U admin%admin works fine. Able to see the linux PC test2 on Win2k ActiveDirectory Computers' console.

-----
PROBLEM:
---------
Not able to test authentication of a valid AD user against Samba. (tried through smbclient and also through Win2k PCs logged on to domain)

[root@test2 samba]# smbclient -L test2 -U admin
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
[root@test2 samba]#

Turning debug on smbd results following
____________________________________
......
[2003/12/03 17:37:30, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(285)
  Got user=[admin] domain=[DOMAIN] workstation=[TEST2] len1=24 len2=24
[2003/12/03 17:37:30, 3] auth/auth.c:check_ntlm_password(215)
  check_ntlm_password: Checking password for unmapped user [DOMAIN]\[admin]@[TEST2] with the new password interface
[2003/12/03 17:37:30, 3] auth/auth.c:check_ntlm_password(218)
  check_ntlm_password: mapped user is: [DOMAIN]\[admin]@[TEST2]
[2003/12/03 17:37:30, 3] smbd/sec_ctx.c:push_sec_ctx(255)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2003/12/03 17:37:30, 3] smbd/uid.c:push_conn_ctx(286)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2003/12/03 17:37:30, 3] smbd/sec_ctx.c:set_sec_ctx(287)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2003/12/03 17:37:30, 3] smbd/sec_ctx.c:pop_sec_ctx(385)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/12/03 17:37:30, 3] auth/auth_util.c:make_server_info_info3(1008)
  User admin does not exist, trying to add it
[2003/12/03 17:37:30, 0] auth/auth_util.c:make_server_info_info3(1017)
  make_server_info_info3: pdb_init_sam failed!
[2003/12/03 17:37:30, 2] auth/auth.c:check_ntlm_password(307)
  check_ntlm_password: Authentication for user [admin] -> [admin] FAILED with error NT_STATUS_NO_SUCH_USER
[2003/12/03 17:37:30, 3] smbd/process.c:timeout_processing(1099)
  timeout_processing: End of file from client (client has disconnected).
[2003/12/03 17:37:30, 3] smbd/sec_ctx.c:set_sec_ctx(287)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/12/03 17:37:30, 2] smbd/server.c:exit_server(558)
  Closing connections
[2003/12/03 17:37:30, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2003/12/03 17:37:30, 3] smbd/connection.c:yield_connection(75)
  yield_connection: tdb_delete for name failed with error Record does not exist.
[2003/12/03 17:37:30, 3] smbd/server.c:exit_server(601)
  Server exit (normal exit)
____________________________________

relevant smb.conf -->
_________________________________________
[global]
# all security related configurations
# security
security = ads
encrypt passwords = yes
realm = domain.local
workgroup = DOMAIN
netbios name = TEST2

#winbindd configuration
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash

[public]
path = /local/
public = yes
only guest = yes
writable = yes
printable = no
_____________________________________________

Kerberos setup works fine, have validated by using kinit, etc.

Please help.

Thanks,
Sanjay