Hello all,
Relevant info up front: Gentoo PC, using 2.6.38 kernel and Samba 3.4.12.
I'm trying to get a FreeRadius instance working for our Windows network.
To do so, I need a Linux box running Samba. I've installed and
configured Kerberos, Samba and FreeRadius, and can get most things to
work. I can get a Kerberos key using kinit, and "sudo net ads keytab
list" shows me tickets. I can use things like "net ads user myuser -U
myuser" to get info about my user account. I can use "sudo wbinfo -t"
to show the secret trust is OK, and "sudo net ads testjoin" works as
well. I can even log on to my switch using RADIUS authentication to my
AD account (using ntlm_auth). So a lot of the pieces are working
correctly.
However, I cannot seem to be able to ssh into the box with a Windows
account. The error I get is in log.wb-MYDOMAIN:
[2011/06/21 07:07:29, 1] rpc_client/cli_pipe.c:949(cli_pipe_validate_current_pdu)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_ACCESS_DENIED received from host MYGC.my.domain.name!
[2011/06/21 07:07:31, 1] rpc_client/cli_pipe.c:949(cli_pipe_validate_current_pdu)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_ACCESS_DENIED received from host MYGC.my.domain.name!
[2011/06/21 07:10:01, 1] rpc_client/cli_pipe.c:949(cli_pipe_validate_current_pdu)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_ACCESS_DENIED received from host MYGC.my.domain.name!
[2011/06/21 07:12:21, 1] rpc_client/cli_pipe.c:949(cli_pipe_validate_current_pdu)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_ACCESS_DENIED received from host MYGC.my.domain.name!
These occur not only when I try to log on via SSH, but also when no-one
is trying to log in, i.e., the system is doing it.
Also, on my GC that is configured as the password server in smb.conf
(and the admin_server and the kdc in krb5.conf), I keep getting errors
that say:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account:
Source Workstation:
Error Code: 0xC0000064
And yes, the middle two fields are empty. The reason I know it's my
server is because these fill the log with up to 20 or so per second, and
as soon as I turn off the server, it stops.
I need to get SSH via Samba auth working so that our network admins can
log on to the box using a non-local account and do management if needed.
Can anyone suggest where to start looking? Any help would be
appreciated. Thanks.
John H. Moe
Network Support - Hatch IT
HATCH
Tel: +61 (7) 3166 7777
Direct: +61 (7) 3166 7684
Fax: +61 (7) 3368 3754
Mobile: +61 438 772 425
61 Petrie Terrace, Brisbane, Queensland Australia 4011