[Samba] Re: Authentication against AD?

Jason Gerfen jason.gerfen at scl.utah.edu
Wed Sep 14 17:26:53 GMT 2005 

Jason Gerfen wrote:

> <snippit>
>
>> dns_lookup_realm = true
>> dns_lookup_kdc = true
>> default_tkt_enctypes = des-cbc-crc des-cbc-md5
>> default_tgs_enctypes = des-cbc-crc
>>  
>>
> I have added these options to my krb5.conf per your suggestion
>
>> Note the default enctypes.  Seems in the way back I was getting 
>> errors; adding these fixed that.  Others may disagree, and YMMV.
>>
>> Dimitri
>>  
>>
>
> I have the following services running smbd, nmbd & winbindd.  Here are 
> snippits of the logs log.nmbd, log.smbd and log.winbind
>
> log.winbind
> [2005/09/14 10:38:06, 1] nsswitch/winbindd.c:main(864)
>  winbindd version 3.0.13-1.1-SUSE started.
>  Copyright The Samba Team 2000-2004
> [2005/09/14 10:38:08, 1] 
> nsswitch/winbindd_ads.c:ads_cached_connection(81)
>  ads_connect for domain SCL.UTAH.EDU failed: No such file or directory
>
> log.smbd
> [2005/09/14 11:03:04, 0] printing/print_cups.c:cups_cache_reload(85)
>  Unable to connect to CUPS server localhost - Connection refused
> [2005/09/14 11:03:04, 0] printing/print_cups.c:cups_cache_reload(85)
>  Unable to connect to CUPS server localhost - Connection refused
> ** I am not running cups
>
> log.nmbd
> add_domain_logon_names:
>  Attempting to become logon server for workgroup SCL.UTAH.EDU on 
> subnet 192.168.0.3
> [2005/09/14 10:38:12, 0] 
> nmbd/nmbd_logonnames.c:become_logon_server_success(124)
>  become_logon_server_success: Samba is now a logon server for 
> workgroup SCL.UTAH.EDU on subnet 192.168.0.3
> [2005/09/14 10:43:48, 0] 
> nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
>  *****
>
>  Samba name server ODIN-NEWB is now a local master browser for 
> workgroup DOMAIN.Com on subnet 192.168.0.3
>
>  *****
>
> I am still not able to authenticate against the domain, any other 
> suggestions?
>
If it helps any this is the response from wbinfo

%> wbinfo -m
BUILTIN

the -t and -u options return errors as well:
jason at odin-newb:~> sudo wbinfo -m
BUILTIN
jason at odin-newb:~> sudo wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_PIPE_NOT_AVAILABLE (0xc00000ac)
Could not check secret
jason at odin-newb:~> sudo wbinfo -u
Error looking up domain users



-- 
Jason Gerfen
Student Computing Labs, University Of Utah
jason.gerfen at scl.utah.edu

J. Willard Marriott Library
295 S 1500 E, Salt Lake City, UT 84112-0860
801-585-9810

"My girlfriend threated to
 leave me if I went boarding...
 I will miss her."
 ~ DIATRIBE aka FBITKK

More information about the samba mailing list