[Samba] Active Directory authentication no longer works
Dan O'Brien
dobrien at xanboo.com
Tue May 22 01:02:46 GMT 2007
Hello all,
I have 3 Linux boxes all authenticating against 2 Windows 2003 domain
controllers. Each Linux box is running a different Linux and samba version:
Box1: CentOS 3.4 3.0.25-7
Box2: CentOS 4.4 3.0.10-1
Box3: CentOS 5 3.0.23c-2
Their smb.conf and krb5.conf files are all identical (below). A few days
ago authentication stopped working and my /var/log/messages fills up
with "signing_good: BAD SIG: seq 1" and "SMB Signature verification
failed on incoming packet!" errors. When someone tries to log into one
of the machines i get an "internal module error" and
"NT_STATUS_LOGON_TYPE_NOT_GRANTED" messages.
I've been on this for 2 full days now, I've tried everything I could
think of. Any help would be appreciated.
Regards,
Dan O'Brien
(conf files and messaeges below)
/var/log/messages
...
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/smb_signing.c:signing_good(240)
May 21 16:58:13 scandium winbindd[14882]: signing_good: BAD SIG: seq 1
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/clientgen.c:cli_receive_smb(121)
May 21 16:58:13 scandium winbindd[14882]: SMB Signature verification
failed on incoming packet!
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/smb_signing.c:signing_good(240)
May 21 16:58:13 scandium winbindd[14882]: signing_good: BAD SIG: seq 1
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/clientgen.c:cli_receive_smb(121)
May 21 16:58:13 scandium winbindd[14882]: SMB Signature verification
failed on incoming packet!
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/smb_signing.c:signing_good(240)
May 21 16:58:13 scandium winbindd[14882]: signing_good: BAD SIG: seq 1
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/clientgen.c:cli_receive_smb(121)
May 21 16:58:13 scandium winbindd[14882]: SMB Signature verification
failed on incoming packet!
May 21 16:58:13 scandium pam_winbind[17827]: request failed:
NT_STATUS_LOGON_TYPE_NOT_GRANTED, PAM error was 4, NT error was
NT_STATUS_LOGON_TYPE_NOT_GRANTED
May 21 16:58:13 scandium pam_winbind[17827]: internal module error
(retval = 4, user = `user'
krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = MYDOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
MYDOMAIN.COM = {
kdc = mydomain.com
admin_server = dc1.mydomain.com
default_domain = mydomain.com
kdc = dc1.mydomain.com
kdc = dc2.mydomain.com
}
[domain_realm]
.mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
smb.conf
[global]
realm = MYDOMAIN.COM
workgroup = mydomain
server string = Scandium
security = ADS
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template homedir = /home/%U
winbind use default domain = yes
printcap name = /etc/printcap
load printers = yes
cups options = raw
log level = 9
log file = /var/log/samba/%m.log
max log size = 50
password server = dc2.mydomain.com dc2.mydomain.com
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
domain master = no
preferred master = no
dns proxy = no
More information about the samba
mailing list