[Samba] spnego_gen_negTokenTarg failed: No credentials cache found
Roland Carlsson
roland at alfa-moving.se
Tue Nov 22 10:42:29 GMT 2005
Hello everybody!
I keep on trying to make my Samba installation work. I have tried a
couple of threads before but I have not been able to pinpoint the problem.
So, yesterday I made a second-to-last attempt to solve the problem before
my boss forces me to install Windows 2003 since it works out of the box.
The scenario is that I'm trying to use Samba (Suse 10) as a fileserver
that authenticates against an Active Directory Server 2003 SP1 (all
patches).
I can bind my server to the domain.
I can run wbinfo -g, -t, -u -p without error and get users from AD
I can run getent groups passwd and get the users and groups from AD
Here are the results from trying to connect to a share with smbclient
from localhost:
AQMLIN03:/ # smbclient //aqmlin03/gemensam -U roca1
Password:
Domain=[ALFA-MOVING] OS=[Unix] Server=[Samba 3.0.20b-3.1-SUSE]
tree connect failed: NT_STATUS_ACCESS_DENIED
AQMLIN03: # smbclient -k //aqmlin03/gemensam
ads_krb5_mk_req: krb5_get_credentials failed for cifs/aqmlin03.alfa-moving@ALFA-MOVING.SE (Ticket expired)
spnego_gen_negTokenTarg failed: Ticket expired
session setup failed: SUCCESS - 0
(From localhost I can't use roca1 as user so this was run as root.)
Here are the same smbclient attempts from an OSX client:
PROSIT:~ roca1$ smbclient //aqmlin03/gemensam -U roca1
Password:
Domain=[ALFA-MOVING] OS=[Unix] Server=[Samba 3.0.20b-3.1-SUSE]
tree connect failed: NT_STATUS_ACCESS_DENIED
PROSIT:~ roca1$ smbclient -k //aqmlin03/gemensam
spnego_gen_negTokenTarg failed: No credentials cache found
session setup failed: NT_STATUS_OK
When using smbclient -k I get the following in log.smbd:
[2005/11/22 11:06:51, 2] smbd/server.c:exit_server(612)
Closing connections
Using smbclient -U I get the following in log.smbd:
[2005/11/22 11:08:10, 0] auth/auth_util.c:make_server_info_info3(1173)
make_server_info_info3: pdb_init_sam failed!
[2005/11/22 11:08:10, 2] auth/auth.c:check_ntlm_password(317)
check_ntlm_password: Authentication for user [roca1] -> [roca1]
FAILED with error NT_STATUS_NO_SUCH_USER
[2005/11/22 11:08:10, 2] smbd/service.c:make_connection_snum(311)
guest user (from session setup) not permitted to access this share
(gemensam)
[2005/11/22 11:08:10, 2] smbd/server.c:exit_server(612)
Running testparm gives this (I cut out the shares):
AQMLIN03:/var/log/samba # testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[printers]"
Processing section "[gemensam]"
Processing section "[jÖnkÖping]"
Processing section "[gÖteborg]"
Processing section "[malmÖ]"
Processing section "[oslo]"
Processing section "[stockholm]"
Processing section "[home]"
Processing section "[milldoc]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
[global]
workgroup = ALFA-MOVING
realm = ALFA-MOVING.SE
security = ADS
map to guest = Bad User
log level = 5
preferred master = No
local master = No
domain master = No
dns proxy = No
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap suffix = dc=ALFA-MOVING,dc=SE
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
include = /etc/samba/dhcp.conf
The contents of /etc/krb5.conf:
[libdefaults]
default_realm = ALFA-MOVING.SE
[realms]
ALFA-MOVING.SE = {
kdc = 192.168.10.10
kpasswd_server = 192.168.10.10
}
[logging]
default = SYSLOG:NOTICE:DAEMON
kdc = FILE:/var/log/kdc.log
kadmind = FILE:/var/log/kadmind.log
[appdefaults]
pam = {
ticket_lifetime = 7d
renew_lifetime = 7d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
debug = false
}
The contents of /etc/nsswitch.conf:
passwd: compat winbind
group: compat winbind
hosts: files dns wins
networks: files dns
services: files
protocols: files :
rpc: files
ethers: files
netmasks: files
netgroup: files
publickey: files
bootparams: files
automount: files nis
aliases: files
Thank you very much in advance
Roland Carlsson