[Samba] Active Directory and Samba

[Robert Ambrogi]

Trying to place some working Samba servers in to an active directory
environment, and things are not working.

 

The server itself seems to work with other services.

 

I am actually at the point that I can log in to my server using a valid
Active directory log on, so I know Unix and Active Directory are
talking.

 

I can kinit, do "net ads join"s, it would seem the active directory part
is fine.

 

When I try an access samba shares, no luck.

 

If I try to access my server shares via IE, it prompts for a paswrod,
but never accepts it.  It would seem a working implementation would
never even prompt for a password, just accept my credentials.

 

I can 

 

smbclient -L myhost -U valid_ad_account

 

Supply a password when the prompt appears, and things work,

 

Yet I can't do

 

smbclient -L myhost -k

 

After I do a valid kinit.

 

If I make my samba pam module just pam_warn.so, I see no output, so I
am guessing I don't even get that far.

 

My major error message at 

 

smbclient -L myhost -k

 

 

is 

 

session setup failed: NT_STATUS_LOGON_FAILURE

 

 

Cranking up the debug level to d 3, I see

 

lp_load: refreshing parameters

Initialising global parameters

params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"

Processing section "[global]"

added interface ip=10.155.100.175 bcast=10.155.100.255
nmask=255.255.255.0

Client started (version 3.0.2-6.3E).

Connecting to 10.155.100.175 at port 445

Doing spnego session setup (blob length=93)

got OID=1 2 840 113554 1 2 2

got OID=1 2 840 48018 1 2 2

got OID=1 3 6 1 4 1 311 2 2 10

got principal=myhost$@MYREALM.COM

Doing kerberos session setup

SPENGO login failed: Logon failure

session setup failed: NT_STATUS_LOGON_FAILURE

 

 

And, of course, I seem to remember having this work last month.

 

Ideas?