[Samba] No credentials cache found

Fernando Ruza fernandor at sescam.jccm.es
Tue Nov 25 08:58:58 GMT 2003 

Hi everybody,

Me and a lot of people around in the list we are having the following
problem for sometime without solution.

I'd like to join Win2000 AD with Samba. I have samba-3.0.1pre3-1
compiled with the last kerberos support (1.3.1). The steps I do are:

1. Leave the AD (if it was registered before)
   net ads leave
2. I open a kerberos session with the Administrator user
   kinit Administrator at MI-REALM.LOCAL
   Password: ????
3. I newly join the AD using the kerberos session opened
   net ads join
   It succeds and after this I have three kerberos tickets however in
the winbindd.log I see the following error message, which I don't like
and I think that's the source of the problem:
[2003/11/24 11:00:16, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)

4. Everything seems to work: wbinfo -u , wbinfo -g , getent passwd ,
getent groups and wbinfo -t

5. Also it works the access to any share in the network from my Linux
box without having to authenticate:
   smbclient //Server-Name/share -k

6. However, trying to access from other windows workstation (Win2k or
WinXP) to the shares on my Linux box it asks me for a user and password
and I get the following error message in the log:
[2003/11/25 08:47:05, 1] smbd/sesssetup.c:reply_spnego_kerberos(210)
  Username (null) is invalid on this system

  But if I mount the share with IP address it works, however using the
netbios name of my Linux box it doesn't. Very strange, isn't it ?

Any help will be greatly appreciate.

Thanks in advance,

Fernando.

=========== smb.conf file ===========
# Global parameters
[global]
	workgroup = HGUV
	realm = HGUV.LOCAL
	server string = %h server (Samba %v)
	security = ADS
	password server = 10.36.192.24
	log file = /var/log/samba/%m.log
	max log size = 0
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	dns proxy = No
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	winbind separator = +
	printing = lprng

[homes]
	comment = Home Directories
	path = /home/%U
	valid users = %D+%U
	read only = No
	create mask = 0664
	directory mask = 0775
	browseable = No
=====================================

=============== krb5.conf ===========
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = HGUV.LOCAL
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
 HGUV.LOCAL = {
  kdc = 10.36.192.24:88
  admin_server = 10.36.192.24:749
 }

[domain_realm]
 .hguv.local = HGUV.LOCAL

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
=====================================


--
Yo uso software libre, ¿Y tu?
¿Qué es el software libre? consulta: http://www.gnu.org/philosophy/free-sw.es.html

Fernando Ruza
e-mail: feruza at terra.es
web: http://guada24.guadawireless.net
Tlf: 661123845
Yahoo! Messenger id: fruza
Linux user: #273644 (http://counter.li.org)
Debian Sid (Kernel 2.4.20 & ext3)

"In an internet without fences ... who needs 'gates'"

More information about the samba mailing list