[Samba] Logging into Samba PDC with LDAP + Kerberos Backend

Cliff Flood cflood at ca.afilias.info
Mon Jun 28 12:22:17 MDT 2010 

Hi,

I've been working to integrating a Samba PDC, running 3.5.3, with an
existing LDAP + Kerberos backend.

After much research and testing I've gotten to the point where I can
join Windows clients to my domains but I haven't yet managed to get
authentication via Samba to work. The goal is to have Windows clients
use our single sign-on as we do with the rest of our infrastructure.

I'm attempting to use winbind to pass authentication to our existing
Kerberos.

wbinfo -u and wbinfo -g work as expected but wbinfo -a username%password
does not and instead I get:

plaintext password authentication failed
Could not authenticate user username%password with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_INVALID_HANDLE (0xc0000008)
error messsage was: Invalid handle
Could not authenticate user username with challenge/response

(I get the same result whether I specify the domain in the command or not.

I have attached my krb5.conf and smb.conf, level 10 log files
log.winbindd and log.wb-$DOMAIN of a failed wbinfo -a

Even though I have been working on this for a few weeks I think there
are still some big gaps in my understanding of how this stack of
technologies work together so please excuse any glaring errors I have made.

I'm eager to know where I've gone wrong so please let me know what I
should be looking into and any other information I can provide.

Sounds like I could be experiencing this recently reported unconfirmed bug:

https://bugzilla.samba.org/show_bug.cgi?id=7481

Anyone else seen this?

All responses appreciated.

-- 
Cliff Flood
System Administrator
+1 416 673 4151
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: krb5.conf
URL: <http://lists.samba.org/pipermail/samba/attachments/20100628/3c2b1fa3/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: log.wb-SAMBALAB
URL: <http://lists.samba.org/pipermail/samba/attachments/20100628/3c2b1fa3/attachment-0001.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: log.winbindd
URL: <http://lists.samba.org/pipermail/samba/attachments/20100628/3c2b1fa3/attachment-0002.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: smb.conf
URL: <http://lists.samba.org/pipermail/samba/attachments/20100628/3c2b1fa3/attachment-0003.ksh>

More information about the samba mailing list