FW: [Samba] getting samba to authenticate with kerberos/PAM

Guillermo Gutierrez ggutierrez at marketscan.com
Wed Mar 8 23:14:28 GMT 2006 

ummm....is there certain info that I need to be including the first time through?
I have been fighting with this problem for a week now and I have not gotten any responses since my first or second thread. 

I am stuck/lost/frustrated and at the mercy of the everyone in this list who knows samba much better than me.
Please help me, I am pretty sure this is just some misconfiguration on my part.

-----Original Message-----
From: samba-bounces+ggutierrez=marketscan.com at lists.samba.org
[mailto:samba-bounces+ggutierrez=marketscan.com at lists.samba.org]On
Behalf Of Guillermo Gutierrez
Sent: Wednesday, March 08, 2006 11:02 AM
To: samba at lists.samba.org
Subject: [Samba] getting samba to authenticate with kerberos/PAM


Hello,
I reeeeally  need someone's help here. I guide after guide from all sorts of sources but I still cannot get samba to authenticate a domain login via winbind off of the windows 2003 DC on our network. 

Here is what I can do:
I can successfully do a kinit command and can verify the existance on the samba server in active directory on the DC.
I can login using domain profiles on the samba server linux box's (Gentoo) console.
I can login as root from ssh only, not at the console.
I can not login with domain profiles through ssh (haven't tried to modify /etc/pam.d/sshd for fear of not being able to login as root at all).
I can get to my /home/samba/public samba share through netBIOS.
I can not get into my /home/<DOMAIN>/<domainuser> samba share, I recieve a "network path not found" error in windows.
When the above happens, one samba log (log.<machinename>) will say:

[2006/03/08 10:36:19, 5] smbd/reply.c:reply_special(537)
  init msg_type=0x81 msg_flags=0x0
[2006/03/08 10:36:19, 0] lib/util_sock.c:write_data(557)
  write_data: write failure in writing to client 10.11.7.56. Error Connection reset by peer
[2006/03/08 10:36:19, 0] lib/util_sock.c:send_smb(765)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
[2006/03/08 10:36:19, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/03/08 10:36:19, 5] auth/auth_util.c:debug_nt_user_token(433)
  NT user token: (NULL)
[2006/03/08 10:36:19, 5] auth/auth_util.c:debug_unix_user_token(454)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/03/08 10:36:19, 5] smbd/uid.c:change_to_root_user(324)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2006/03/08 10:36:19, 2] smbd/server.c:exit_server(614)
  Closing connections
[2006/03/08 10:36:19, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2006/03/08 10:36:19, 3] smbd/connection.c:yield_connection(76)
  yield_connection: tdb_delete for name  failed with error Record does not exist.
[2006/03/08 10:36:19, 3] smbd/server.c:exit_server(655)
  Server exit (process_smb: send_smb failed.)

The other samba log (log.<IPAddress>) will say:

[2006/03/08 10:40:26, 5] auth/auth_util.c:debug_nt_user_token(433)
  NT user token: (NULL)
[2006/03/08 10:40:26, 5] auth/auth_util.c:debug_unix_user_token(454)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/03/08 10:40:26, 5] smbd/uid.c:change_to_root_user(324)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2006/03/08 10:40:26, 5] lib/util.c:show_msg(454)
[2006/03/08 10:40:26, 5] lib/util.c:show_msg(464)
  size=35
  smb_com=0x71
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51201
  smb_tid=1
  smb_pid=65279
  smb_uid=101
  smb_mid=448
  smt_wct=0
  smb_bcc=0
[2006/03/08 10:40:26, 3] smbd/process.c:timeout_processing(1447)
  timeout_processing: End of file from client (client has disconnected).
[2006/03/08 10:40:26, 5] lib/gencache.c:gencache_shutdown(89)
  Closing cache file
[2006/03/08 10:40:26, 5] libsmb/namecache.c:namecache_shutdown(79)
  namecache_shutdown: netbios namecache closed successfully.
[2006/03/08 10:40:26, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/03/08 10:40:26, 5] auth/auth_util.c:debug_nt_user_token(433)
  NT user token: (NULL)
[2006/03/08 10:40:26, 5] auth/auth_util.c:debug_unix_user_token(454)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/03/08 10:40:26, 5] smbd/uid.c:change_to_root_user(324)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2006/03/08 10:40:26, 2] smbd/server.c:exit_server(614)
  Closing connections
[2006/03/08 10:40:26, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2006/03/08 10:40:26, 3] smbd/server.c:exit_server(655)
  Server exit (normal exit)

and a whole bunch of other stuff that extends into the .old archive of this log.

Please help me figure out what the source of my issue is or point me to a step-by-step set of instructions that will work.

Here is some info on my setup:

Samba Server: samba 3.0.21c on a Gentoo Linux system
Network: 	windows 2003 Active Directory domain with a Novell Server on the network.
OS of client used for testing connection: windows XP SP2

thanks in advance, 

Guillermo Gutierrez
Development Systems Engineer
Market Scan Information Systems
(818) 575-2000 x2427
ggutierrez at marketscan.com

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list