Unable to authenticate with security=ADS

José Alberto Patiño Limón jalbertop at aranea.com.mx
Thu Nov 14 01:43:00 GMT 2002 

Ok. Well I had the same problem when I was starting to setup SAMBA 3.0.
But I dont remember what I did to fix it.

I remeber that the main problem that I had was with the nss_ldap module,
remember that you need to have the passwd and group info available to
the samba daemon. I have 2 setups to get this info from Active Directory
and OpenLDAP. But you must be certain at least that you have a entry in
the /etc/passwd to get the uid data for the W2K user that you are using
to share the storage in Samba.

Just to be sure, I assume that you /etc/krb5.conf is configured to see
the kerberos "realm" for Active Directory.

I think that the klist tickets command is supposed to be tested in the
W2K machine and noy in the unix box.



On Wed, 2002-11-13 at 14:50, ZINKEVICIUS,MATT (HP-Loveland,ex1) wrote:
> > -----Original Message-----
> > From: José Alberto Patiño Limón [mailto:jalbertop at aranea.com.mx]
> > Sent: Wednesday, November 13, 2002 12:05 PM
> > To: 'samba-technical at lists.samba.org'
> > Subject: Re: Unable to authenticate with security=ADS
> >
> > Did you try to run net ads join first and after run the smbd and nmbd
> > daemons later?
> > 
> > Try it. But now use net ads leave first to delete the computer account
> > in AD.
> 
> Thanks. I tried that and it didn't help.
> 
> Also, another oddity is that if I try to access the share using the IP
> address as the server name it fails slighty differently:
> 
> [2002/11/13 13:30:54, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(551)
>   Doing spnego session setup
> [2002/11/13 13:30:54, 3] smbd/sesssetup.c:reply_spnego_negotiate(259)
>   Got OID 1 2 840 48018 1 2 2
> [2002/11/13 13:30:54, 3] smbd/sesssetup.c:reply_spnego_negotiate(259)
>   Got OID 1 3 6 1 4 1 311 2 2 10
> [2002/11/13 13:30:54, 3] smbd/sesssetup.c:reply_spnego_negotiate(266)
>   Got secblob of size 1179
> [2002/11/13 13:30:54, 1] libads/kerberos_verify.c:ads_verify_ticket(91)
>   krb5_parse_name(HOST/charlie@) failed (Malformed representation of
> principal)
> [2002/11/13 13:30:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(134)
>   Failed to verify incoming ticket!
> 
> Anybody?? :-)
> 
> --Matt

More information about the samba-technical mailing list