Unable to authenticate with security=ADS
ZINKEVICIUS,MATT (HP-Loveland,ex1)
matt.zinkevicius at hp.com
Wed Nov 13 06:01:02 GMT 2002
Howdy gang,
I am trying to use samba 3.0 to authenticate using kerberos/ldap to my ADS
server. It's not working. I am mostly going by tridge's ADS-HOWTO.
My Setup:
- Win2k ADS server (dc-native.home.sln)
- Realm name is HOME.SLN
- Linux running samba 3.0alpha21cvs from a couple days ago
(charlie.home.sln)
- MIT kerberos5 1.2.6
- OpenLDAP 2.1.5
- krb5.conf and smb.conf are attached
Here is what I am doing:
1. Start smbd/nmbd
2. Run "kdestroy" to empty the ticket cache
3. Run "net ads join -UAdministrator". It says it joined the realm
successfully.
4. Run "klist" (not "klist tickets" as mentioned in the HOWTO which errors
out)
   Ticket cache: FILE:/tmp/krb5cc_0
   Default principal: Administrator@HOME.SLN
   Valid starting     Expires            Service principal
   11/12/02 21:49:53  11/13/02 07:49:53  krbtgt/HOME.SLN@HOME.SLN
   11/12/02 21:49:53  11/13/02 07:49:53  dc-native$@HOME.SLN
   11/12/02 21:49:55  11/13/02 07:49:53  kadmin/changepw@HOME.SLN
5. Attempt to connect to a share from the dc-native box, which requests a
password :-(
The interesting (at least to me) part of log.smbd is:
[2002/11/12 21:50:38, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(551)
  Doing spnego session setup
[2002/11/12 21:50:38, 3] smbd/sesssetup.c:reply_spnego_negotiate(259)
  Got OID 1 2 840 48018 1 2 2
[2002/11/12 21:50:38, 3] smbd/sesssetup.c:reply_spnego_negotiate(259)
  Got OID 1 3 6 1 4 1 311 2 2 10
[2002/11/12 21:50:38, 3] smbd/sesssetup.c:reply_spnego_negotiate(266)
  Got secblob of size 1339
[2002/11/12 21:50:38, 3] libads/kerberos_verify.c:ads_verify_ticket(125)
  krb5_rd_req with auth failed (Decrypt integrity check failed)
[2002/11/12 21:50:38, 1] smbd/sesssetup.c:reply_spnego_kerberos(134)
  Failed to verify incoming ticket!
[2002/11/12 21:50:38, 3] smbd/error.c:error_packet(94)
  error string = No such file or directory
[2002/11/12 21:50:38, 3] smbd/error.c:error_packet(113)
  error packet at smbd/sesssetup.c(136) cmd=115 (SMBsesssetupX)
  NT_STATUS_LOGON_FAILURE
Anybody have any idea what I am doing wrong? Full level 10 log available if
that helps.
Matt Zinkevicius
Software Engineer
Network Storage Array Solutions
Hewlett-Packard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smb.conf
Type: application/octet-stream
Size: 745 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20021113/9d43277a/smb.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: krb5.conf
Type: application/octet-stream
Size: 57 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20021113/9d43277a/krb5.obj
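An added example, not part of the original post or of Samba: a small Python parser for the log.smbd excerpt above. It pairs each header with its message lines and reports which SPNEGO mechanisms the client offered, the Kerberos verification error, and the final NT status. The function names and the two-space indentation of message lines in the sample are assumptions; the OID labels are the standard names for those identifiers.

```python
import re

# Header of a Samba debug entry: "[date time, level] file:function(line)"
HEADER = re.compile(r"^\[(?P<time>\S+ \S+),\s*(?P<level>\d+)\]\s+"
                    r"(?P<source>\S+?):(?P<function>\w+)\((?P<line>\d+)\)\s*$")

# SPNEGO mechanism OIDs, written the way smbd logs them (space-separated arcs)
MECHS = {
    "1 2 840 48018 1 2 2": "Kerberos 5 (Microsoft legacy OID)",
    "1 3 6 1 4 1 311 2 2 10": "NTLMSSP",
}
# Constructed sample: entries copied from the post, message lines re-indented
SAMPLE = """\
[2002/11/12 21:50:38, 3] smbd/sesssetup.c:reply_spnego_negotiate(259)
  Got OID 1 2 840 48018 1 2 2
[2002/11/12 21:50:38, 3] smbd/sesssetup.c:reply_spnego_negotiate(259)
  Got OID 1 3 6 1 4 1 311 2 2 10
[2002/11/12 21:50:38, 3] libads/kerberos_verify.c:ads_verify_ticket(125)
  krb5_rd_req with auth failed (Decrypt integrity check failed)
[2002/11/12 21:50:38, 3] smbd/error.c:error_packet(113)
  error packet at smbd/sesssetup.c(136) cmd=115 (SMBsesssetupX)
  NT_STATUS_LOGON_FAILURE
"""

def parse_entries(text):
    """Group each header line with the message lines that follow it."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({**m.groupdict(), "message": []})
        elif entries and line.strip():
            entries[-1]["message"].append(line.strip())
    return entries

def summarize(entries):
    """Report offered SPNEGO mechanisms, ticket-verify errors and NT status."""
    out = {"offered": [], "kerberos_failures": [], "status": None}
    for e in entries:
        for msg in e["message"]:
            oid = re.fullmatch(r"Got OID ([\d ]+)", msg)
            reason = re.search(r"failed \((.+)\)$", msg)
            if oid:
                out["offered"].append(MECHS.get(oid.group(1), "unknown " + oid.group(1)))
            elif e["function"] == "ads_verify_ticket" and reason:
                out["kerberos_failures"].append(reason.group(1))
            elif msg.startswith("NT_STATUS_"):
                out["status"] = msg
    return out
```

Calling `summarize(parse_entries(SAMPLE))` shows that both Kerberos and NTLMSSP were offered and that the session setup ended in a logon failure after the ticket check.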