[Samba] 3.0.25: non-Kerberos authentication fails when security=ads?
James Ralston
qralston+ml.samba at andrew.cmu.edu
Tue May 15 17:43:26 GMT 2007
I have several servers running Samba, all using security = ads mode.
After updating one of the servers to 3.0.25, non-Kerberos login
attempts now fail, although Kerberos logins work just fine. E.g.:
$ smbclient -k -L //my-server
OS=[Unix] Server=[Samba 3.0.25-0.0]
Sharename Type Comment
--------- ---- -------
...
$ smbclient -U username -L //www-dev-eval
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
If I look in the logs on my-server, this is what I see for the
non-Kerberos attempt:
[2007/05/15 12:47:10, 0] auth/auth_domain.c:domain_client_validate(257)
domain_client_validate: unable to validate password for user username in domain OURDOMAIN to Domain controller DC.AD.EXAMPLE.COM. Error was NT_STATUS_NO_SUCH_USER.
This is bogus; username exists, because servers running Samba 3.0.23d
work just fine:
$ smbclient -k -L //other-server
OS=[Unix] Server=[Samba 3.0.23d-0.1]
Sharename Type Comment
--------- ---- -------
...
$ smbclient -U username -L //other-server
Password:
Domain=[OURDOMAIN] OS=[Unix] Server=[Samba 3.0.23d-0.1]
Sharename Type Comment
--------- ---- -------
...
Looking at Bugzilla, I see many bug reports filed against 3.0.25, most
of which involve authentication issues. I don't see a report for this
particular issue, though.
Is anyone else seeing this problem?
More information about the samba
mailing list