[Samba] SMBD not authenticating against Active Directory

Kums kumaran.rajaram at gmail.com
Sun Nov 30 04:13:27 GMT 2008


Hi Saddam,

Please find the Samba log file attached with the below log level settings.

Sorry for the delay in response.

Regards,
-Kums

On Fri, Nov 28, 2008 at 7:22 PM, saddam abu ghaida <
saddam.abughaida at gmail.com> wrote:

> could you add the following and send the generated log files
>
> os level = 3 passdb:5 auth:10 winbind:5
>
> *   spnego has something to do with this failure
>
> regards,
> saddam abu ghaida
>
>
> On Thu, Nov 27, 2008 at 2:01 AM, Kums <kumaran.rajaram at gmail.com> wrote:
> > Hi,
> >
> > Iam trying to setup Samba version 3.2.3 on Redhat (RHEL5) server to use
> > Active Directory for authentication. I followed the instructions from
> > article in following website:
> > http://technet.microsoft.com/en-au/magazine/dd228986.aspx
> >
> > Setup Winbind + Samba + Kerberos and it seems to work fine. I can see the
> > users in Active Directory through winbind as well as authenticate users
> > using NTLM authentication.
> >
> > Problem is that Iam unable to access Samba share from Windows clients as
> AD
> > user. Analyzing the network traffic on SMBD port gives:
> > ---
> > 10.849969 192.168.97.2 -> 192.168.97.5 SMB Session Setup AndX Request,
> > NTLMSSP_AUTH, User: TESTDOMAIN\testuser
> > 10.853302 192.168.97.5 -> 192.168.97.2 SMB Session Setup AndX Response,
> > Error:STATUS_LOGON_FAILURE
> > --
> >
> > I can however access the Samba share as local user in the Samba server
> via
> > smbpasswd:
> > ---
> > 166.059746 192.168.97.2 -> 192.168.97.5 SMB Session Setup AndX Request,
> > NTLMSSP_AUTH, User: D1950-01\kums
> > 166.068297 192.168.97.5 -> 192.168.97.2 SMB Session Setup AndX Response
> > 166.068500 192.168.97.2 -> 192.168.97.5 SMB Tree Connect AndX Request,
> Path:
> > \\192.168.97.5\global
> > 166.068787 192.168.97.5 -> 192.168.97.2 SMB Tree Connect AndX Response
> > ---
> >
> > Winbind gives following error, not sure if this is significant for I can
> > access the AD via "wbinfo"
> > [2008/11/26 15:22:58,  1]
> > libsmb/cliconnect.c:cli_session_setup_kerberos(626)
> >  cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot find
> > KDC for requested realm
> >
> > Please see attached for configuration detail + detailed error log.
> Googling
> > helped me to get so far, but not completely resolve this issue.
> >
> > Please advise.
> >
> > Thanks in Advance,
> > -Kums
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
>


More information about the samba mailing list