[Samba] how to check whether samba server with security =ads is working fine or not

ankush grover ankushmailing at gmail.com
Fri May 6 07:29:29 GMT 2005


Hey friends,

I have configure samba with security =ads but I am not able to make
sure whether it is working properly or not.How can I test whether
samba server is working properly or not.

I am getting these errors in samba log files.

Logs of the machine from where i accessed the samba shares.

192.168.1.14 (192.168.1.14) closed connection to service win
[2005/05/06 12:36:57, 1] smbd/service.c:make_connection_snum(648)
  192.168.1.14 (192.168.1.14) connect to service ankush initially as
user ankush (uid=500, gid=500) (pid 3664)
[2005/05/06 12:37:06, 1] smbd/service.c:close_cnum(836)
  192.168.1.14 (192.168.1.14) closed connection to service ankush
[2005/05/06 12:40:55, 1] smbd/service.c:make_connection_snum(648)
  192.168.1.14 (192.168.1.14) connect to service ankush initially as
user ankush (uid=500, gid=500) (pid 3696)
[2005/05/06 12:40:57, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
  Username SUNUPDELHI/manoj$ is invalid on this system
[2005/05/06 12:40:57, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
  Username SUNUPDELHI/manoj$ is invalid on this system


Logs of smbd.log file

[2005/05/06 12:36:55, 1] libsmb/clikrb5.c:ads_krb5_mk_req(323)
  krb5_cc_get_principal failed (No credentials cache found)


the result of klist 
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator at SUNUPDELHI.NET

Valid starting     Expires            Service principal
05/06/05 12:21:43  05/06/05 22:20:57  krbtgt/SUNUPDELHI.NET at SUNUPDELHI.NET
        renew until 05/07/05 12:21:43
        Addresses: (none)


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached


the 0.0.0.0.log file logs

[2005/05/06 12:29:44, 0] lib/access.c:check_access(328)
[2005/05/06 12:29:44, 0] lib/util_sock.c:get_peer_addr(1000)
  getpeername failed. Error was Transport endpoint is not connected
  Denied connection from  (0.0.0.0)
[2005/05/06 12:29:44, 1] smbd/process.c:process_smb(1085)
[2005/05/06 12:29:44, 0] lib/util_sock.c:get_peer_addr(1000)
  getpeername failed. Error was Transport endpoint is not connected
  Connection denied from 0.0.0.0
[2005/05/06 12:29:44, 0] lib/util_sock.c:write_socket_data(430)
  write_socket_data: write failure. Error = Connection reset by peer
[2005/05/06 12:29:44, 0] lib/util_sock.c:write_socket(455)
  write_socket: Error writing 5 bytes to socket 23: ERRNO = Connection
reset by peer
[2005/05/06 12:29:44, 0] lib/util_sock.c:send_smb(647)
  Error writing 5 bytes to client. -1. (Connection reset by peer)



The krb5.conf file 

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = SUNUPDELHI.NET
 dns_lookup_realm = false
 dns_lookup_kdc = true

[realms]
 SUNUPDELHI.NET = {
  kdc = server1.sunupdelhi.net:88
  admin_server = server1.sunupdelhi.net:749
  default_domain = sunupdelhi.net
 }

[domain_realm]
 .example.com = SUNUPDELHI.NET
 example.com = SUNUPDELHI.NET

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }


the samba configuration file is 

   workgroup = sunupdelhi
   netbios name = work
   password server = server1.sunupdelhi.net
   winbind separator = /
   realm = SUNUPDELHI.NET
   security = ads
   encrypt passwords = yes
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   template shell = /bin/false
   winbind use default domain = yes
   winbind enum users = yes
  winbind enum groups = yes


Can anybody tell me whether the samba server with security =ads is
working properly.I am able to access the shares from the samba server.

Thanks & Regards

Ankush Grover


More information about the samba mailing list