[Samba] Help !! -- Win2k Active Directory, Kerberos, Samba 3
Sanjay Sane
sanjays at cisco.com
Thu Dec 4 01:56:39 GMT 2003
Environment:
redhat, Linux 2.4.7
Samba Version 3.0.0
MIT Kerberos 5
Win2k SP2, running Active Directory.
Steps done:
1. net ads join -U admin%admin
works fine. Able to see the linux PC test2 on Win2k ActiveDirectory
Computers' console.
----- PROBLEM: ---------
Not able to test authentication of a valid AD user against Samba. (tried
through smbclient and also through Win2k PCs logged on to domain)
[root at test2 samba]# smbclient -L test2 -U admin
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
[root at test2 samba]#
Turning debug on smbd results following
____________________________________
......
[2003/12/03 17:37:30, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(285)
Got user=[admin] domain=[DOMAIN] workstation=[TEST2] len1=24 len2=24
[2003/12/03 17:37:30, 3] auth/auth.c:check_ntlm_password(215)
check_ntlm_password: Checking password for unmapped user
[DOMAIN]\[admin]@[TEST2] with the new password interface
[2003/12/03 17:37:30, 3] auth/auth.c:check_ntlm_password(218)
check_ntlm_password: mapped user is: [DOMAIN]\[admin]@[TEST2]
[2003/12/03 17:37:30, 3] smbd/sec_ctx.c:push_sec_ctx(255)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2003/12/03 17:37:30, 3] smbd/uid.c:push_conn_ctx(286)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2003/12/03 17:37:30, 3] smbd/sec_ctx.c:set_sec_ctx(287)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2003/12/03 17:37:30, 3] smbd/sec_ctx.c:pop_sec_ctx(385)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/12/03 17:37:30, 3] auth/auth_util.c:make_server_info_info3(1008)
User admin does not exist, trying to add it
[2003/12/03 17:37:30, 0] auth/auth_util.c:make_server_info_info3(1017)
make_server_info_info3: pdb_init_sam failed!
[2003/12/03 17:37:30, 2] auth/auth.c:check_ntlm_password(307)
check_ntlm_password: Authentication for user [admin] -> [admin] FAILED
with error NT_STATUS_NO_SUCH_USER
[2003/12/03 17:37:30, 3] smbd/process.c:timeout_processing(1099)
timeout_processing: End of file from client (client has disconnected).
[2003/12/03 17:37:30, 3] smbd/sec_ctx.c:set_sec_ctx(287)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/12/03 17:37:30, 2] smbd/server.c:exit_server(558)
Closing connections
[2003/12/03 17:37:30, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2003/12/03 17:37:30, 3] smbd/connection.c:yield_connection(75)
yield_connection: tdb_delete for name failed with error Record does not
exist.
[2003/12/03 17:37:30, 3] smbd/server.c:exit_server(601)
Server exit (normal exit)
____________________________________
relevant smb.conf -->
_________________________________________
[global]
# all security related configurations
# security
security = ads
encrypt passwords = yes
realm = domain.local
workgroup = DOMAIN
netbios name = TEST2
#winbindd configuration
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
[public]
path = /local/
public = yes
only guest = yes
writable = yes
printable = no
_____________________________________________
Kerberos setup works fine, have validated by using kinit, etc.
Please help.
Thanks,
Sanjay
More information about the samba
mailing list