[Samba] Samba and Active Directory

Mike Kelly mike at piratehaven.org
Tue Oct 19 19:41:30 GMT 2004


I'm trying to join my Linux file server to an AD domain.  I've looked at
several different documents describing how to do this, but I still am not
able to get everything to work correctly.

I am able to join my domain, but I cannot use smbclient to connect to
another file server in the domain, nor can I connect to the samba server from
my desktop PC.

My kerberos tickets seem to be in order:

$ kinit mtkelly at MY.BIG.DOMAIN.LOC
Password for mtkelly at MY.BIG.DOMAIN.LOC:
$ klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: mtkelly at MY.BIG.DOMAIN.LOC

Valid starting     Expires            Service principal
10/19/04 12:26:21  10/19/04 22:26:25  krbtgt/MY.BIG.DOMAIN.LOC at MY.BIG.DOMAIN.LOC
        renew until 10/19/04 13:26:21

$ smbclient -U mtkelly at my.big.domain.loc -k //fs02/Share
session setup failed: NT_STATUS_LOGON_FAILURE

Even with debug enabled, I don't get any clues:

$ smbclient -U mtkelly at my.big.domain.loc -k -d 4 //fs02/Share
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
doing parameter local master = no
doing parameter realm = MY.BIG.DOMAIN.LOC
doing parameter password server =
doing parameter workgroup = MYDOMAIN
doing parameter netbios name = FS01
handle_netbios_name: set global_myname to: FS01
doing parameter encrypt passwords = yes
doing parameter security = ads
doing parameter log file = /var/log/samba.log
doing parameter server string = ""
doing parameter winbind separator = +
doing parameter winbind uid = 10000-20000
doing parameter winbind gid = 10000-20000
doing parameter template shell = /bin/bash
doing parameter wins server =
doing parameter client use spnego = no
doing parameter use spnego = yes
pm_process() returned Yes
added interface ip= bcast= nmask=
Client started (version 3.0.7-2.FC2).
Connecting to at port 445
 session request ok
Serverzone is 25200
session setup failed: NT_STATUS_LOGON_FAILURE

/var/log/samba.log has three error messages which might be related to my
[2004/10/19 11:46:21, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313)
  krb5_cc_get_principal failed (No credentials cache found)
[2004/10/19 11:51:31, 1] libads/ldap.c:ads_connect(251)
  Failed to get ldap server info
[2004/10/19 12:01:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
  user 'root' does not exist

My smb.conf:
  local master = no
  password server =
  workgroup = MYDOMAIN
  netbios name = FS01
  encrypt passwords = yes
  security = ads
  log file = /var/log/samba.log
  server string = ""
  winbind separator = +
  winbind uid = 10000-20000
  winbind gid = 10000-20000
  template shell = /bin/bash
  wins server =
  client use spnego = no
  use spnego = yes

  comment = Share
  browseable = yes
  writable = yes
  guest ok = no
  path = /smb/share

I'm running Fedora Core 2, Samba Version 3.0.7-2.FC2, and kernel 2.6.5-1.358.
Active Directory lives on
The samba server is FS01 at
A windows fileserver is FS02 at

Does anyone have any suggestions about what I might do to get samba working



--------Mike at PirateHaven.org-----------------------The_glass_is_too_big--------

More information about the samba mailing list