[Samba] cant authenticate Samba -> AD trying to map to shares on samba server

PAGE Kelley (RF4) BHR Hospital Kelley.Page at bhrhospitals.nhs.uk
Wed Dec 27 14:25:11 GMT 2006 

I have read through previous posts but still cant connect to samba shares - any help much appreciated.

Running Samba   3.0.10-1 on fedora Core 2.  Dont know anything about AD as it's looked after by the big boys and they wont share their secrets with the linux team.  I do know the server I need to authenticate with is acting as some sort of time server so I assume that is not an issue.

wbinfo -u - produces users list
wbinfo -g - produces user groups
wbinfo -t -  checking the trust secret via RPC calls failed
	error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
	Could not check secret

SMB.conf 

workgroup = hospitals
   realm = XHOSPITALS.A.B
hosts allow = 10.
security = ADS
password server = 10.x.y.z
encrypt passwords = yes
  smb passwd file = /etc/samba/smbpasswd
wins server = 10.x.y.z
netbios name = oncology
smb ports = 139

krb5.conf
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = XHOSPITALS.A.B
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 XHOSPITALS.A.B = {
  kdc = astolat.xhospitals.a.b:88
  admin_server = astolat.xhospitals.a.b:749
  default_domain = xhospitals.a.b
 }

[domain_realm]
.kerberos.server = XHOSPITALS.A.B
.xhospitals.a.b = XHOSPITALS.A.B

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 604800
   forwardable = true
   krb4_convert = false


winbindd error log

[2006/12/27 13:54:19, 3] libsmb/cliconnect.c:cli_session_setup_spnego(745)
  got principal=astolat$@XHOSPITALS.A.B
[2006/12/27 13:54:19, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(878)
  Got challenge flags:
[2006/12/27 13:54:19, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x62890215
[2006/12/27 13:54:19, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(900)
  NTLMSSP: Set final flags:
[2006/12/27 13:54:19, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60080215
[2006/12/27 13:54:19, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
  NTLMSSP Sign/Seal - Initialising with flags:
[2006/12/27 13:54:19, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60080215
[2006/12/27 13:54:19, 3] libsmb/cliconnect.c:cli_session_setup(868)
  SPNEGO login failed: Logon failure
[2006/12/27 13:54:19, 3] rpc_client/cli_netlogon.c:cli_nt_setup_creds(290)
  cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED
[2006/12/27 13:54:19, 3] nsswitch/winbindd_cm.c:cm_open_connection(366)
  schannel refused - continuing without schannel (NT_STATUS_ACCESS_DENIED)
[2006/12/27 13:54:19, 3] rpc_client/cli_netlogon.c:cli_nt_setup_creds(290)
  cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED
[2006/12/27 13:54:19, 3] nsswitch/winbindd_misc.c:winbindd_check_machine_acct(68)
  could not open handle to NETLOGON pipe
[2006/12/27 13:54:19, 2] nsswitch/winbindd_misc.c:winbindd_check_machine_acct(98)
  Checking the trust account password returned NT_STATUS_ACCESS_DENIED

Anyone had a similiar problem?  How did you sort it?  Any tips gretly appreciated.

Thanks.

Kelley

More information about the samba mailing list