[Samba] Authenticating against AD not working

Lee Engel lengel at mindpearl.com
Wed Aug 31 15:57:52 GMT 2005 


Hi,

We have a Windows 2000 domain controller using active directory. I would like to authenticate users against it, but it's not working. I've been trying for 2 weeks without much luck. Any (and I do mean ANY) help would be greatly appreciated. 

My linux box: Linux cptapp01 2.6.10-5-386 #1 Tue Apr 5 12:12:40 UTC 2005 i686 GNU/Linux (Ubuntu)
My samba: Version 3.0.20
My smb.conf:

[global]
	workgroup = MINDPEARL
	realm = MINDPEARL
	server string = %h server (Samba, Ubuntu)
	security = ADS
	obey pam restrictions = Yes
	password server = 10.46.160.43
	passdb backend = tdbsam, guest
	client NTLMv2 auth = Yes
	client lanman auth = No
	client plaintext auth = No
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000
	dns proxy = No
	wins server = 10.46.120.228
	ldap ssl = no
	panic action = /usr/share/samba/panic-action %d
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	template shell = /bin/bash
	winbind use default domain = Yes
	invalid users = root

[homes]
	comment = Home Directories
	create mask = 0700
	directory mask = 0700
	browseable = No

[test]
	comment = Testing Share
	path = /tmp
	guest ok = Yes
	locking = No

[print$]
	comment = Printer Drivers
	path = /var/lib/samba/printers


my /etc/krb5.conf:

[libdefaults]
        default_realm = MINDPEARL

[realms]
        MINDPEARL = {
        kdc = 10.46.160.43
        }

        MINDPEARL.LOCAL = {
        kdc = 10.46.160.43
        }

[domain_realms]
        .kerberos.server = mindpearl


My log.smbd:

[2005/08/31 17:46:30, 0] passdb/pdb_tdb.c:tdbsam_tdbopen(195)
  Unable to open/create TDB passwd
[2005/08/31 17:46:30, 0] passdb/pdb_tdb.c:tdbsam_getsampwrid(488)
  pdb_getsampwrid: Unable to open TDB rid database!
[2005/08/31 17:46:30, 0] smbd/server.c:main(839)
  standard input is not a socket, assuming -D option
[2005/08/31 17:46:32, 0] libads/kerberos.c:ads_kinit_password(146)
  kerberos_kinit_password host/CPTAPP01 at MINDPEARL.LOCAL failed: Preauthentication failed
[2005/08/31 17:46:32, 0] printing/nt_printing.c:nt_printing_init(636)
  nt_printing_init: error checking published printers: WERR_ACCESS_DENIED

My log.10.46.161.93 (client machine):

[2005/08/31 17:46:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2005/08/31 17:46:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2005/08/31 17:46:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2005/08/31 17:46:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2005/08/31 17:46:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2005/08/31 17:46:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2005/08/31 17:46:37, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2005/08/31 17:46:37, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2005/08/31 17:46:37, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2005/08/31 17:46:37, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2005/08/31 17:46:37, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2005/08/31 17:46:42, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!


My log.winbindd:

[2005/08/31 17:46:31, 1] nsswitch/winbindd.c:main(935)
  winbindd version 3.0.20 started.
  Copyright The Samba Team 2000-2004

[2005/08/31 17:46:32, 0] libsmb/cliconnect.c:cli_session_setup_spnego(762)
  Kinit failed: Preauthentication failed


Pretty,pretty please.


---
Lee Engel
IT Co-ordinator
Mindpearl AG, Cape Town
Tel:  +27 21 440 6702
Fax: +27 21 440 6800
Mobile: +27 82 776 6881
www.mindpearl.com

More information about the samba mailing list