[Samba] Setting up 3.0 to authenticate to AD
Patrik Gustavsson PS Sweden Senior Technical Consultant
Patrik.Gustavsson at Sun.COM
Mon Jun 23 08:17:05 GMT 2003
I got the same problem, but I recompiled Samba
using the latest kerberos for MIT (1.3) and that works.
/Patrik
Norris, Brent wrote:
>Ok I changed my samba entries in pam.d and now I get a login box, but I
>still cannot login. Here is what the log file for my machine shows now:
>
>[2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175)
> Failed to verify incoming ticket!
>[2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175)
> Failed to verify incoming ticket!
>[2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175)
> Failed to verify incoming ticket!
>[2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175)
> Failed to verify incoming ticket!
>[2003/06/19 09:34:03, 1] smbd/sesssetup.c:reply_spnego_kerberos(221)
> Username bnorris is invalid on this system
>
>Anyone got any ideas?
>
>
>
>
>>Well, I have the same exact problem as you. I have
>>everything setup right so that wbinfo pulls all information
>>fine. I can Kerberos too. But, can't login from the network.
>> I thought it was PAM, but no for me either. I've posted
>>about this a couple of times, to no avail. Hope someone
>>answers yours!
>>
>>-----Original Message-----
>>From: Norris, Brent [mailto:bnorris at Edmonson.k12.ky.us]
>>Sent: Thursday, June 19, 2003 10:14 AM
>>To: Chip Bell
>>Subject: RE: [Samba] Setting up 3.0 to authenticate to AD
>>
>>
>>
>>>Sounds like you set up winbind..did you do pam?
>>>
>>>
>>I was under the impression from the documentation that pam
>>only needed to be changed if you wanted to be able to use the
>>accounts to login as far as telnet, ssh, ftp type stuff. It
>>states that winbindd and samba should be working together and
>>that they /etc/pam.d/samba didn't need changing. Though mine
>>looks like this:
>>
>>auth required pam_nologin.so
>>auth required pam_stack.so service=system-auth
>>account required pam_stack.so service=system-auth
>>session required pam_stack.so service=system-auth
>>password required pam_stack.so service=system-auth
>>
>>While the doc's only has the two lines:
>>
>>auth required /lib/security/pam_stack.so service=system-auth
>>account required /lib/security/pam_stack.so service=system-auth
>>
>>I wasn't attempting to change it though since that is what
>>the samba rpm put in there. Perhaps I should change it to
>>look like the one in the docs??
>>
>>Brent
>>
>><------ output from testparm ----->
>>
>>Load smb config files from /etc/samba/smb.conf
>>Processing section "[homes]"
>>Processing section "[printers]"
>>Processing section "[public]"
>>Loaded services file OK.
>>'winbind separator = +' might cause problems with group
>>membership. Server role: ROLE_DOMAIN_MEMBER Press enter to
>>see a dump of your service definitions
>>
>># Global parameters
>>[global]
>> workgroup = STU
>> realm = STU.EDMONSON.K12.KY.US
>> server string = Linux File Server
>> security = ADS
>> log file = /var/log/samba/log.%m
>> max log size = 50
>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> dns proxy = No
>> wins server = 10.76.16.50
>> winbind separator = +
>> winbind use default domain = Yes
>>
>>[homes]
>> comment = Home Directories
>> read only = No
>> browseable = No
>>
>>[printers]
>> comment = All Printers
>> path = /var/spool/samba
>> printable = Yes
>> browseable = No
>>
>>[public]
>> comment = Public Stuff
>> path = /home/samba
>> write list = bnorris
>> guest ok = Yes
>>
>>
>>
--
"In a world without fences who needs Gates"
Patrik Gustavsson, Senior Technical Consultant
patrik.gustavsson at sun.com Telephone: +46 60 671540
http://glen.sweden Mobile: +46 70 3551040
SUN MICROSYSTEMS Fax: +46 60 671550
--------------------------------------------------------------
More information about the samba
mailing list