[Samba] Kerberos authentication problems
Brett Stevens
brett.stevens at hubbub.com.au
Thu Mar 25 04:09:26 GMT 2004
Looks like you and I followed the same docs for install. What I have that is
different to yours (and my previous failures) is there is absolutely nothing
except the default_realm under libdefaults. I commented out everything else.
I was having exactly the same symptoms as yourself and had previously tried
those settings. Disable all in libdefaults and give that a try.

> From: "David Nalley" <davidnalley at BryanRamey.com>
> Date: Wed, 24 Mar 2004 22:03:47 -0500
> To: "Brett Stevens" <brett.stevens at hubbub.com.au>, <samba at lists.samba.org>
> Subject: RE: [Samba] Kerberos authentication problems
>
>
>> -----Original Message-----
>> From: Brett Stevens [mailto:brett.stevens at hubbub.com.au]
>> Can you publish (sanitized) the following
>>
>> /etc/nsswitch
>> Samba.conf
>> krb5.conf
>>
>> Thanks
>
> As you can see, I tried to be liberal with permissions while testing,
> and planned to tighten down. Thanks for taking a look
>
> nsswitch.conf:
>
> passwd: files winbind
> shadow: files
> group: files winbind
> hosts: files dns
> bootparams: nisplus [NOTFOUND=return] files
> ethers: files
> netmasks: files
> networks: files
> protocols: files
> rpc: files
> services: files
> netgroup: files
> publickey: nisplus
> automount: files
> aliases: files nisplus
>
>
> krb5.conf:
>
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> ticket_lifetime = 24000
> default_realm = DOMAIN.COM
> dns_lookup_realm = false
> dns_lookup_kdc = false
> default_tkt_enctypes = des-cbc-crc
> default_tgs_enctypes = des-cbc-crc
>
>
> [realms]
> DOMAIN.COM = {
> kdc = KDC.DOMAIN.COM
> admin_server = KDC.DOMAIN.COM
> default_domain = DOMAIN.COM
> }
>
> [domain_realm]
> .domain.com = DOMAIN.COM
> domain.com = DOMAIN.COM
>
> [kdc]
> profile = /var/kerberos/krb5kdc/kdc.conf
>
> [appdefaults]
> pam = {
> debug = false
> ticket_lifetime = 36000
> renew_lifetime = 36000
> forwardable = true
> krb4_convert = false
> }
>
> smb.conf:
>
> [global]
> netbios name = SAMBASRVR
> Server String = "File Server"
> workgroup = DOMAIN
> security = ADS
> log file = /var/log/%m.log
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> wins support = yes
> realm = DOMAIN.COM
> encrypt passwords = yes
> password server = 192.168.XXX.XXX
> local master = no
> winbind use default domain = yes
> winbind separator = +
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind enum users = yes
> winbind enum groups = yes
> client use spnego = yes
>
>
> [public]
> path = /tmp
> guest ok = yes
> writeable = yes
> browseable = yes
> public = yes
>
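
The check the reply's suggestion comes down to, as an added example that is not part of the original messages: list what a krb5.conf sets under [libdefaults] besides default_realm, and mark enctype settings restricted to single DES (deprecated by RFC 6649). The function names are assumptions, and the sample is constructed from the krb5.conf quoted above.

```python
import re

# Constructed sample: [libdefaults] and part of [realms] from the krb5.conf quoted above.
SAMPLE = """\
[libdefaults]
 ticket_lifetime = 24000
 default_realm = DOMAIN.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 default_tkt_enctypes = des-cbc-crc
 default_tgs_enctypes = des-cbc-crc

[realms]
 DOMAIN.COM = {
  kdc = KDC.DOMAIN.COM
 }
"""

# Single-DES enctype names, deprecated by RFC 6649.
SINGLE_DES = {"des-cbc-crc", "des-cbc-md5", "des-cbc-md4"}
ENCTYPE_KEYS = {"default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes"}


def libdefaults(text):
    """Return the active (uncommented) key/value pairs of [libdefaults]."""
    section, found = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment ('#' and ';' both start comments)
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            found[key] = value
    return found


def audit(text):
    """Hypothetical helper: settings beyond default_realm, and single-DES-only pins."""
    settings = libdefaults(text)
    extras = sorted(k for k in settings if k != "default_realm")
    des_only = sorted(k for k in settings.keys() & ENCTYPE_KEYS
                      if set(re.split(r"[\s,]+", settings[k].lower())) <= SINGLE_DES)
    return extras, des_only

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A file reduced the way the reply describes, with everything except default_realm commented out, returns two empty lists.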