similar to: Samba, Solaris, Windows 2008 - Kerberos Guess Realm Wrong?

I've been trying to get Kerberos to work for the last couple of days so that we can use SSO. I can't seem to get past a roadblock and Google doesn't seem to provide any answers. I've got Samba connected to the AD and running. I can wbinfo everything and can login to the machine using PAM with the pam_winbind modules just fine. I can get user tickets just fine. When I try to get ssh

Hi all, I've been working on getting Samba to authenticate via ADS for the past few weeks with some lack of success. I had somewhat of a breakthrough the other day realizing that the problem was related to the kerberos authentication between Samba and the Win 2008 R2 AD server. Trying to fix this I generated a keytab with ktpass which I uploaded to the server. I've been successful to

Problem with join to Active Directory [root@clust-master samba]# net ads join -S 10.0.0.1 -U Administrator Administrator's password: [2006/05/22 10:24:05, 0] libads/ldap.c:ads_join_realm(1640) ads_add_machine_acct (clust): Type or value exists ads_join_realm: Type or value exists [root@clust-master samba]# kinit Administrator@COROD.LOCAL Password for Administrator@COROD.LOCAL: As you can

HI, I am sorry I forgot to post the problem that I am having. It is the same issue who posted this e-mail originally. Please let me know what should I do to fix the problem that I am having. Edit /etc/samba/smb.conf [global] realm = KERBEROS.REALM security = ADS encrypt passwords = yes password server = kerberos.server Edit /etc/krb5.conf [libdefaults] default_realm = KERBEROS.REALM

Hi all, first of all is it possible to join a Linux machine to AD using a windows user account that is not a member of the group Domain Admins? Cause when I do this I get the following error while executing `net ads join -d 3 -U syncuser`: #net ads join -d 3 -U syncuser [2007/12/11 13:47:12, 3] param/loadparm.c:lp_load(4953) lp_load: refreshing parameters [2007/12/11 13:47:12, 3]

Hello Samba-List-Users I have a problem with KDC network name resolution. I tried to google it and sought help on IRC#samba, to no avail. So I'll post my problem here. In the spirit of privacy and normalization all server names in this post are replaced. CAPTIAL server names are actually capitalized in the configuration files. Setup: 1x Debian5 x64 server running samba 3.2.5 2x Windows

I'm setting up Samba in an environment with 2 Active Directory domains setup with a one way trust (DOMAINA -> DOMAINB). Samba is in DOMAINA. From looking at the logs (see below) it appears that winbind is having troubles getting the credentials for the domain controller in DOMAINB. I can get tickets, using kinit, for accounts in both domains. I can join DOMAINA just fine. Running

# smbclient -k -L //radius/music$ krb5_get_credentials failed for radius$@SBRC.LOCAL (Unknown error -1765328352) spnego_gen_negTokenTarg failed: Unknown error -1765328352 session setup failed: NT_STATUS_OK # wbinfo -u Error looking up domain users log: [2004/03/26 10:48:30, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276) krb5_get_credentials failed for shadow$@SBRC.LOCAL (Unknown error -1765328343)

I have users from Domain A trying to browse a domain member samba server in Domain B. Domain A and Domain B are both Windows 2k domains. Domain B has a one way trust to A. A users can browse Domain B Windows server with no problem so I no the trust is fine. Samba version is 3.0.21b on RH Linux ES 3. The winbindd log is giving me the following error: [2006/02/16 08:28:50, 0]

Using Samba 3.0.1 packages from samba.org on RH 8.0 kernel 2.4.20. I'm trying to get winbindd configured so that we can do single-sign on across Win2k file servers and Samba file servers with ADS. I've configured Samba to do shares but it prompts for username/password unless the user/pass exists in smbpassword. 'net ads join' was successful and secrets.tdb was modified. The

Dear List! I have the problem described at http://lists.samba.org/archive/samba/2008-February/138451.html It is materialized after an upgrade of samba/winbind. Everything was working before. I could not find the solution neither on the net, nor from people originally having the problem, so here I am. This problem is a showstopper for me. (I can login by changing pam_winbind to pam_krb5, but this

Hi! The problem lies in the "winbind separator" settings. If I use winbind separator = \\ everything goes well. I believe this is due to a bug. As I don't want to register to yet another bugzilla, please someone issue the report there. Explanation: winbindd_raw_kerberos_login uses parse_domain_user to generate the kerberos principal from state->request.data.auth.user at this

Please forgive the long post but I am at my wits end here! Below are the files that I have configured, the results of several commands, and some output from log files.... ANY HELP AT ALL??!! wbinfo -p Ping to winbindd failed on fd -1 could not ping winbindd! wbinfo -t checking the trust secret via RPC calls failed error code was (0x0) Could not check secret kinit and klist seem to work

Hello all, As the subject says, as far as I can tell everything works on my ads integrated samba server. Domain accounts can be used for ssh, and accessing shares, I just can't leave the domain. Here is a successful join command followed by an unsuccessful leave command at debug level 4. Any ideas? TIA, Mark user@dordal:~$ sudo net ads join -U administrator@MYDOMAIN.COM -d 4 [2009/03/19

Hello dear list! I'm about to setup a winbind to authenticate my proxy users through Active Directory. Unfortunately the daemon winbindd crash while requesting some wbinfo, Here is a transcript of the problem: IDCSRV922:~ # cat /etc/krb5.conf [libdefaults] default_realm = MY.DOMAIN.COM [realms] [logging] kdc = FILE:/var/log/krb5/krb5kdc.log

Hi list, I have samba-3.0.2-2 rpm installed on Redhat Enterprise Linux 3 AS kernel version. I've been using the Samba 3 How-To and messages on various mailing lists to join Samba to an AD domain and authenticate using winbind/pam. So far Samba has successfully become a member of the AD domain and can browse file servers using smbclient but I haven't been able to get winbind working -

Hi Samba team! I tried with 3.0.22 and now with 2.0.24 and I got the same error. When I try to connect to my file server using a user from a trusted domain (DOMAIN2) my winbindd dies: [2007/02/12 15:14:26, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(328) [ 0]: getpwnam domain2+asspw [2007/02/12 15:14:26, 3] libsmb/namequery.c:resolve_lmhosts(962) resolve_lmhosts: Attempting lmhosts

Having some trouble with the setup of winbind: This command fails: [root@rhsrv local]# /usr/local/samba/bin/net rpc join -S PRIV_DOMAIN -U domain_admin Unable to find a suitable server Unable to find a suitable server Here's the output of winbinds log, I only included what looked useful: ... [2004/08/17 11:11:30, 5] nsswitch/winbindd_cm.c:cm_open_connection(256)

Hi, Since 1 month, I tried without any success to configure Samba. My problem is that winbind crashes when I list users and groups. And I think that it is linked to my trusted domains (wbinfo -domain=myADdomain -u works well). The error is the following : [2006/07/11 14:30:29, 3] libsmb/cliconnect.c:cli_session_setup_spnego(757) got principal=machine$@TRUSTEDDOMAIN.COM [2006/07/11

Hello, I'm trying to join a win2k3 ADS domain using a working config on a debian 'Lenny' (arm processor) from another machine running gentoo (x86 processor) (only changed the netbios name). Samba versions are 3.0.26a on both the machines. I'm pretty sure this is not a kerberos or ldap problem, anyone has a clue what else it could be? # net -d 3 ads join -U administrator