Cliff Flood
2010-Jun-28 18:22 UTC
[Samba] Logging into Samba PDC with LDAP + Kerberos Backend
Hi, I've been working to integrating a Samba PDC, running 3.5.3, with an existing LDAP + Kerberos backend. After much research and testing I've gotten to the point where I can join Windows clients to my domains but I haven't yet managed to get authentication via Samba to work. The goal is to have Windows clients use our single sign-on as we do with the rest of our infrastructure. I'm attempting to use winbind to pass authentication to our existing Kerberos. wbinfo -u and wbinfo -g work as expected but wbinfo -a username%password does not and instead I get: plaintext password authentication failed Could not authenticate user username%password with plaintext password challenge/response password authentication failed error code was NT_STATUS_INVALID_HANDLE (0xc0000008) error messsage was: Invalid handle Could not authenticate user username with challenge/response (I get the same result whether I specify the domain in the command or not. I have attached my krb5.conf and smb.conf, level 10 log files log.winbindd and log.wb-$DOMAIN of a failed wbinfo -a Even though I have been working on this for a few weeks I think there are still some big gaps in my understanding of how this stack of technologies work together so please excuse any glaring errors I have made. I'm eager to know where I've gone wrong so please let me know what I should be looking into and any other information I can provide. Sounds like I could be experiencing this recently reported unconfirmed bug: https://bugzilla.samba.org/show_bug.cgi?id=7481 Anyone else seen this? All responses appreciated. -- Cliff Flood System Administrator +1 416 673 4151 -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: krb5.conf URL: <http://lists.samba.org/pipermail/samba/attachments/20100628/3c2b1fa3/attachment.ksh> -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: log.wb-SAMBALAB URL: <http://lists.samba.org/pipermail/samba/attachments/20100628/3c2b1fa3/attachment-0001.ksh> -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: log.winbindd URL: <http://lists.samba.org/pipermail/samba/attachments/20100628/3c2b1fa3/attachment-0002.ksh> -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: smb.conf URL: <http://lists.samba.org/pipermail/samba/attachments/20100628/3c2b1fa3/attachment-0003.ksh>
Apparently Analagous Threads
Wisdom of the Ancients
