[Samba] smbclient -k fails

Christian HAESSIG christian.haessig at ircad.u-strasbg.fr
Wed Mar 17 16:03:36 GMT 2004


Hello the list,

I have a problem using smbclient with samba 3.0.2a + kerberos, in a Win2000
AD environment.

When I run

smbclient -k -U <AD user> -L <server>

where <AD user> is an AD user, and <server> the samba server OR the AD
controller, I get the following error :

krb5_cc_get_principal failed (No credentials cache found)
spnego_gen_negTokenTarg failed: No credentials cache found
session setup failed: NT_STATUS_OK

But without the -k, it works without problem.

Has someone any idea ?

Thanks.

Here is my krb5.conf file :

[logging]
  default = FILE:/var/log/krb5/libs.log
  kdc = FILE:/var/log/krb5/kdc.log
  admin_server = FILE:/var/log/krb5/admin.log

[libdefaults]
  ticket_lifetime = 24000
  default_realm = IRCAD.FR
  default_tgs_enctypes = des-cbc-crc des-cbc-md5
  default_tkt_enctypes = des-cbc-crc des-cbc-md5
  forwardable = true
  proxiable = true
  dns_lookup_realm = true
  dns_lookup_kdc = true

[realms]
  IRCAD.FR = {
    kdc = ircadsrv.ircad.fr:88
    default_domain = ircad.fr
  }

 [domain_realm]
   .ircad.fr = IRCAD.FR
   ircad.fr = IRCAD.FR

 [kdc]
   profile = /var/kerberos/krb5kdc/kdc.conf

 [pam]
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false




and this is my smb.conf file :

[global]
   workgroup = D_IRCAD
   netbios name = PRINTSRV2
   client use spnego = yes
   server string = %h server (Samba %v)

   wins support = no
   wins server = 192.168.0.1
   dns proxy = no

   log file = /var/log/samba/log.%m
   log level = 3
   max log size = 1000

   syslog = 0

####### winbindd configuration
  winbind separator = +
  idmap uid = 10000-20000
  idmap gid = 10000-20000
  winbind enum users = yes
  winbind enum groups = yes
  template homedir = /home/%D/%U
  template shell = /bin/bash

####### Authentication #######

   security = ads
   password server = IRCADSRV
   realm = IRCAD.FR
   encrypt passwords = yes
   passdb backend = tdbsam guest
   invalid users = root

   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .

########## Printing ##########
...



Christian Haessig



More information about the samba mailing list