[Samba] Setting up 3.0 to authenticate to AD

Norris, Brent bnorris at Edmonson.k12.ky.us
Thu Jun 19 14:36:10 GMT 2003 

Ok I changed my samba entries in pam.d and now I get a login box, but I
still cannot login.  Here is what the log file for my machine shows now:

[2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175)
  Failed to verify incoming ticket!
[2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175)
  Failed to verify incoming ticket!
[2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175)
  Failed to verify incoming ticket!
[2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175)
  Failed to verify incoming ticket!
[2003/06/19 09:34:03, 1] smbd/sesssetup.c:reply_spnego_kerberos(221)
  Username bnorris is invalid on this system

Anyone got any ideas?

 
> Well, I have the same exact problem as you.  I have 
> everything setup right so that wbinfo pulls all information 
> fine.  I can Kerberos too. But, can't login from the network. 
>  I thought it was PAM, but no for me either.  I've posted 
> about this a couple of times, to no avail.  Hope someone 
> answers yours!
> 
> -----Original Message-----
> From: Norris, Brent [mailto:bnorris at Edmonson.k12.ky.us] 
> Sent: Thursday, June 19, 2003 10:14 AM
> To: Chip Bell
> Subject: RE: [Samba] Setting up 3.0 to authenticate to AD
> 
> > Sounds like you set up winbind..did you do pam?
> 
> I was under the impression from the documentation that pam 
> only needed to be changed if you wanted to be able to use the 
> accounts to login as far as telnet, ssh, ftp type stuff.  It 
> states that winbindd and samba should be working together and 
> that they /etc/pam.d/samba didn't need changing. Though mine 
> looks like this:
> 
> auth       required     pam_nologin.so
> auth       required     pam_stack.so service=system-auth
> account    required     pam_stack.so service=system-auth
> session    required     pam_stack.so service=system-auth
> password   required     pam_stack.so service=system-auth
> 
> While the doc's only has the two lines:
> 
> auth    required        /lib/security/pam_stack.so service=system-auth
> account required        /lib/security/pam_stack.so service=system-auth
> 
> I wasn't attempting to change it though since that is what 
> the samba rpm put in there.  Perhaps I should change it to 
> look like the one in the docs??
> 
> Brent
> 
> <------ output from testparm ----->
> 
> Load smb config files from /etc/samba/smb.conf
> Processing section "[homes]"
> Processing section "[printers]"
> Processing section "[public]"
> Loaded services file OK.
> 'winbind separator = +' might cause problems with group 
> membership. Server role: ROLE_DOMAIN_MEMBER Press enter to 
> see a dump of your service definitions
> 
> # Global parameters
> [global]
>         workgroup = STU
>         realm = STU.EDMONSON.K12.KY.US
>         server string = Linux File Server
>         security = ADS
>         log file = /var/log/samba/log.%m
>         max log size = 50
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         dns proxy = No
>         wins server = 10.76.16.50
>         winbind separator = +
>         winbind use default domain = Yes
> 
> [homes]
>         comment = Home Directories
>         read only = No
>         browseable = No
> 
> [printers]
>         comment = All Printers
>         path = /var/spool/samba
>         printable = Yes
>         browseable = No
> 
> [public]
>         comment = Public Stuff
>         path = /home/samba
>         write list = bnorris
>         guest ok = Yes
>

More information about the samba mailing list