[Samba] samba3.0.14a, Windows2003, ADS

Danna Dowdy Danna.Dowdy at noaa.gov
Wed May 11 17:09:57 GMT 2005

Please forgive the long post but I am at my wits' end here!  Below are 
the files that I have configured, the results of several commands, and 
some output from log files... ANY HELP AT ALL??!!

wbinfo -p
Ping to winbindd failed on fd -1
could not ping winbindd!

wbinfo -t
checking the trust secret via RPC calls failed
error code was  (0x0)
Could not check secret

kinit and klist seem to work
Ticket cache: FILE:/tmp/krb5cc_503
Default principal: username at DOMAIN
Valid starting     Expires            Service principal
05/11/05 12:59:46  05/11/05 22:59:46  krbtgt/DOMAIN at DOMAIN
Kerberos 4 ticket cache: /tmp/tkt503
klist: You have no tickets cached

When I run net ads users, I get back all users in Active Directory

Configured Samba with this

./configure -with-ldap -with-ads -with-krb5 -with-pam -with-winbind

realm = DOMAIN
password server = CONTROLLER
security = ADS
encrypt passwords = yes
# winbind configuration: mapping ADS users to
# uid's and gid's, enabling the enumeration of users
# and groups.
# winbind separator is the character that separates
# user or group names from the domain name.
winbind separator = @
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users=yes
winbind enum groups=yes

 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
 ticket_lifetime = 24000
 default_realm = DOMAIN
 profile = /var/kerberos/krb5kdc/kdc.conf
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

Auth required /lib/security/pam_winbind.so
Account required /lib/security/pam_winbind.so

passwd:     files winbind
shadow:     files
group:      files winbind

[2005/05/11 12:34:43, 1] libsmb/clikrb5.c:ads_krb5_mk_req(415)
  ads_krb5_mk_req: krb5_mk_req_extended failed (Ticket expired)
[2005/05/11 12:34:43, 1] 
  spnego_gen_negTokenTarg failed: Ticket expired
[2005/05/11 12:34:43, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain DOMAIN failed: Cannot read password
[2005/05/11 12:34:43, 1] nsswitch/winbindd_util.c:init_domain_list(322)
  Could not fetch sid for our domain DOMAIN
[2005/05/11 12:34:43, 1] 
  spnego_gen_negTokenTarg failed: No credentials cache found

