[Samba] Active Directory and Samba
Robert Ambrogi
rambrogi at navisys.com
Wed Jul 27 16:02:44 GMT 2005
Trying to place some working Samba servers in to an active directory
environment, and things are not working.
The server itself seems to work with other services.
I am actually at the point that I can log in to my server using a valid
Active directory log on, so I know Unix and Active Directory are
talking.
I can kinit, do "net ads join"s, it would seem the active directory part
is fine.
When I try an access samba shares, no luck.
If I try to access my server shares via IE, it prompts for a paswrod,
but never accepts it. It would seem a working implementation would
never even prompt for a password, just accept my credentials.
I can
smbclient -L myhost -U valid_ad_account
Supply a password when the prompt appears, and things work,
Yet I can't do
smbclient -L myhost -k
After I do a valid kinit.
If I make my samba pam module just pam_warn.so, I see no output, so I
am guessing I don't even get that far.
My major error message at
smbclient -L myhost -k
is
session setup failed: NT_STATUS_LOGON_FAILURE
Cranking up the debug level to d 3, I see
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
Processing section "[global]"
added interface ip=10.155.100.175 bcast=10.155.100.255
nmask=255.255.255.0
Client started (version 3.0.2-6.3E).
Connecting to 10.155.100.175 at port 445
Doing spnego session setup (blob length=93)
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 48018 1 2 2
got OID=1 3 6 1 4 1 311 2 2 10
got principal=myhost$@MYREALM.COM
Doing kerberos session setup
SPENGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE
And, of course, I seem to remember having this work last month.
Ideas?
More information about the samba
mailing list