samba3.0 alpha and kerberos5 authentication
Ville Lehtola
vlehtola at cc.hut.fi
Thu Jun 20 09:42:03 GMT 2002
Hi.
I have followed the ADS-HOWTO.txt in trying to get smbd behind
kerberos authentication. The w2k kdc neatly distributes the ticket
for the smbd and i have made the accounts for smbd and mirage-host
in the w2k kdc.
NT_STATUS_LOGON_FAILURE seems to be the core of the problem, meaning
that the smbd or mirage useraccount cannot authenticate (?)
I have included two different logs which i hope can give you the
accurate details to solve this problem.
PS. Yes, I tried to connect to the localhost smbd server, but it
shouldn't affect the result because smbd krb5 authentication fails
with w2k client also.
Ville Lehtola
email: Ville.Lehtola at hut.fi
[root at mirage bin]# kinit smbtest
Password for smbtest at FUT.HUT.FI:
[root at mirage bin]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: smbtest at FUT.HUT.FI
Valid starting Expires Service principal
06/20/02 16:09:25 06/21/02 02:09:25 krbtgt/FUT.HUT.FI at FUT.HUT.FI
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[root at mirage bin]# ./net ads join
[2002/06/20 16:09:37, 0] libads/ldap.c:ads_join_realm(1061)
Host account for mirage already exists - deleting old account
Joined 'MIRAGE' to realm 'FUT.HUT.FI'
[root at mirage bin]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: smbtest at FUT.HUT.FI
Valid starting Expires Service principal
06/20/02 16:09:25 06/21/02 02:09:25 krbtgt/FUT.HUT.FI at FUT.HUT.FI
06/20/02 16:10:17 06/21/02 02:09:25 ldap/dc02 at FUT.HUT.FI
06/20/02 16:10:20 06/21/02 02:09:25 kadmin/changepw at FUT.HUT.FI
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[root at mirage bin]# ./smbclient //mirage/public -k
added interface ip=193.167.1.133 bcast=193.167.1.255 nmask=255.255.254.0
Doing spnego session setup (blob length=98)
Doing kerberos session setup
krb5_get_credentials failed for HOST/mirage at FUT.HUT.FI (KDC has no support
for encryption type)
session setup failed: NT_STATUS_LOGON_FAILURE
[root at mirage bin]#
##############################################################
[root at mirage bin]# ./smbclient //mirage/public -k -d <bignumber>
added interface ip=193.167.1.133 bcast=193.167.1.255 nmask=255.255.254.0
Client started (version 3.0-alpha17).
internal_resolve_name: looking up mirage#20
resolve_lmhosts: Attempting lmhosts lookup for name mirage<0x20>
startlmhosts: Can't open lmhosts file /usr/local/samba/lib/lmhosts. Error
was No such file or directory
resolve_wins: Attempting wins lookup for name mirage<0x20>
wins_srv_count: WINS status: 0 servers.
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name mirage<0x20>
internal_resolve_name: returning 1 addresses: 127.0.0.1
Connecting to 127.0.0.1 at port 445
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 0
socket option SO_BROADCAST = 0
socket option TCP_NODELAY = 1
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 16384
socket option SO_RCVBUF = 16384
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
session request ok
write_socket(3,183)
write_socket(3,183) wrote 183
got smb length of 167
size=167
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=18433
smb_tid=0
smb_pid=28118
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=7 (0x7)
smb_vwv[1]=12803 (0x3203)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=65280 (0xFF00)
smb_vwv[4]=255 (0xFF)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=55040 (0xD700)
smb_vwv[8]=109 (0x6D)
smb_vwv[9]=64768 (0xFD00)
smb_vwv[10]=32995 (0x80E3)
smb_vwv[11]=128 (0x80)
smb_vwv[12]=55372 (0xD84C)
smb_vwv[13]=23009 (0x59E1)
smb_vwv[14]=49688 (0xC218)
smb_vwv[15]=19457 (0x4C01)
smb_vwv[16]=25343 (0x62FF)
smb_bcc=98
[000] 6D 69 72 61 67 65 00 00 00 00 00 00 00 00 00 00 mirage.. ........
[010] 60 50 06 06 2B 06 01 05 05 02 A0 46 30 44 A0 24 `P..+... ...F0D.$
[020] 30 22 06 0A 2B 06 01 04 01 82 37 02 02 0A 06 09 0"..+... ..7.....
[030] 2A 86 48 86 F7 12 01 02 02 06 09 2A 86 48 82 F7 *.H..... ...*.H..
[040] 12 01 02 02 A3 1C 30 1A A0 18 1B 16 48 4F 53 54 ......0. ....HOST
[050] 2F 6D 69 72 61 67 65 40 46 55 54 2E 48 55 54 2E /mirage@ FUT.HUT.
[060] 46 49 FI
size=167
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=18433
smb_tid=0
smb_pid=28118
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=7 (0x7)
smb_vwv[1]=12803 (0x3203)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=65280 (0xFF00)
smb_vwv[4]=255 (0xFF)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=55040 (0xD700)
smb_vwv[8]=109 (0x6D)
smb_vwv[9]=64768 (0xFD00)
smb_vwv[10]=32995 (0x80E3)
smb_vwv[11]=128 (0x80)
smb_vwv[12]=55372 (0xD84C)
smb_vwv[13]=23009 (0x59E1)
smb_vwv[14]=49688 (0xC218)
smb_vwv[15]=19457 (0x4C01)
smb_vwv[16]=25343 (0x62FF)
smb_bcc=98
[000] 6D 69 72 61 67 65 00 00 00 00 00 00 00 00 00 00 mirage.. ........
[010] 60 50 06 06 2B 06 01 05 05 02 A0 46 30 44 A0 24 `P..+... ...F0D.$
[020] 30 22 06 0A 2B 06 01 04 01 82 37 02 02 0A 06 09 0"..+... ..7.....
[030] 2A 86 48 86 F7 12 01 02 02 06 09 2A 86 48 82 F7 *.H..... ...*.H..
[040] 12 01 02 02 A3 1C 30 1A A0 18 1B 16 48 4F 53 54 ......0. ....HOST
[050] 2F 6D 69 72 61 67 65 40 46 55 54 2E 48 55 54 2E /mirage@ FUT.HUT.
[060] 46 49 FI
Serverzone is -10800
Doing spnego session setup (blob length=98)
got OID=1 3 6 1 4 1 311 2 2 10
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 48018 1 2 2
got principal=HOST/mirage at FUT.HUT.FI
Doing kerberos session setup
krb5_get_credentials failed for HOST/mirage at FUT.HUT.FI (KDC has no support
for e
ncryption type)
write_socket(3,146)
write_socket(3,146) wrote 146
got smb length of 35
size=35
smb_com=0x73
smb_rcls=109
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=28118
smb_uid=0
smb_mid=1
smt_wct=0
smb_bcc=0
size=35
smb_com=0x73
smb_rcls=109
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=28118
smb_uid=0
smb_mid=1
smt_wct=0
smb_bcc=0
session setup failed: NT_STATUS_LOGON_FAILURE
More information about the samba-technical
mailing list