[Samba] samba ADS-based authentication fails with NT_STATUS_NO_SUCH_USER but wbinfo works
Geoff Winkless
samba at geoff.dj
Fri Feb 18 10:13:30 MST 2011
Once again, I forgot to change the "To:" line so apologies to Andrew,
who will have this twice....
Hi Andrew, thanks for the response.
(I've modified the subject line because I just realised I
mis-remembered the error message when I typed the subject line
before...)
I was running 3.0.33 on both boxes with identical conf files; it
wasn't working then, so I updated to 3.5 in case it improved matters
(it didn't). I can't get onto the first box right now cos I don't have
admin rights on it and the owner's not here, but I'll try to get the
output from testparm on Monday.
krb5.conf file looks like this:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = LAN.XXXX.CO.UK
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
LAN.XXXX.CO.UK = {
kdc = 192.168.3.1
admin_server = 192.168.3.1
default_domain = LAN.XXXX.CO.UK
}
[domain_realm]
.lan.xxxx.co.uk = LAN.XXXX.CO.UK
lan.xxxx.co.uk = LAN.XXXX.CO.UK
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
Thanks again
Geoff
On 18 February 2011 16:32, Andrew Masterson
<Andrew.Masterson at nuvistaenergy.com> wrote:
> First thing I would do is a testparm -v on both the old and new boxes, and do a diff -a on those files to see what has changed.
>
> Samba changes default options between versions so what may have worked on an older version is not guaranteed to work on the new ones.
>
> Also, what does your krb5.conf file look like?
>
> -=Andrew
More information about the samba
mailing list