Hi,
We have a Windows 2000 domain controller using active directory. I would like to
authenticate users against it, but it's not working. I've been trying
for 2 weeks without much luck. Any (and I do mean ANY) help would be greatly
appreciated.
My linux box: Linux cptapp01 2.6.10-5-386 #1 Tue Apr 5 12:12:40 UTC 2005 i686
GNU/Linux (Ubuntu)
My samba: Version 3.0.20
My smb.conf:
[global]
workgroup = MINDPEARL
realm = MINDPEARL
server string = %h server (Samba, Ubuntu)
security = ADS
obey pam restrictions = Yes
password server = 10.46.160.43
passdb backend = tdbsam, guest
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
wins server = 10.46.120.228
ldap ssl = no
panic action = /usr/share/samba/panic-action %d
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind use default domain = Yes
invalid users = root
[homes]
comment = Home Directories
create mask = 0700
directory mask = 0700
browseable = No
[test]
comment = Testing Share
path = /tmp
guest ok = Yes
locking = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
my /etc/krb5.conf:
[libdefaults]
default_realm = MINDPEARL
[realms]
MINDPEARL = {
kdc = 10.46.160.43
}
MINDPEARL.LOCAL = {
kdc = 10.46.160.43
}
[domain_realms]
.kerberos.server = mindpearl
My log.smbd:
[2005/08/31 17:46:30, 0] passdb/pdb_tdb.c:tdbsam_tdbopen(195)
Unable to open/create TDB passwd
[2005/08/31 17:46:30, 0] passdb/pdb_tdb.c:tdbsam_getsampwrid(488)
pdb_getsampwrid: Unable to open TDB rid database!
[2005/08/31 17:46:30, 0] smbd/server.c:main(839)
standard input is not a socket, assuming -D option
[2005/08/31 17:46:32, 0] libads/kerberos.c:ads_kinit_password(146)
kerberos_kinit_password host/CPTAPP01@MINDPEARL.LOCAL failed:
Preauthentication failed
[2005/08/31 17:46:32, 0] printing/nt_printing.c:nt_printing_init(636)
nt_printing_init: error checking published printers: WERR_ACCESS_DENIED
My log.10.46.161.93 (client machine):
[2005/08/31 17:46:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/08/31 17:46:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/08/31 17:46:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/08/31 17:46:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/08/31 17:46:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/08/31 17:46:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/08/31 17:46:37, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/08/31 17:46:37, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/08/31 17:46:37, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/08/31 17:46:37, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/08/31 17:46:37, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/08/31 17:46:42, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
My log.winbindd:
[2005/08/31 17:46:31, 1] nsswitch/winbindd.c:main(935)
winbindd version 3.0.20 started.
Copyright The Samba Team 2000-2004
[2005/08/31 17:46:32, 0] libsmb/cliconnect.c:cli_session_setup_spnego(762)
Kinit failed: Preauthentication failed
Pretty,pretty please.
---
Lee Engel
IT Co-ordinator
Mindpearl AG, Cape Town
Tel: +27 21 440 6702
Fax: +27 21 440 6800
Mobile: +27 82 776 6881
www.mindpearl.com
