[Samba] samba ADS-based authentication fails with NT_STATUS_NO_SUCH_USER but wbinfo works

Geoff Winkless samba at geoff.dj
Fri Feb 18 10:13:30 MST 2011

Once again, I forgot to change the "To:" line so apologies to Andrew,
who will have this twice....

Hi Andrew, thanks for the response.

(I've modified the subject line because I just realised I
mis-remembered the error message when I typed the subject line

I was running 3.0.33 on both boxes with identical conf files; it
wasn't working then, so I updated to 3.5 in case it improved matters
(it didn't). I can't get onto the first box right now cos I don't have
admin rights on it and the owner's not here, but I'll try to get the
output from testparm on Monday.

krb5.conf file looks like this:

 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

 default_realm = LAN.XXXX.CO.UK
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes

 kdc =
 admin_server =
 default_domain = LAN.XXXX.CO.UK

 .lan.xxxx.co.uk = LAN.XXXX.CO.UK
 lan.xxxx.co.uk = LAN.XXXX.CO.UK

 profile = /var/kerberos/krb5kdc/kdc.conf

 pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false

Thanks again


On 18 February 2011 16:32, Andrew Masterson
<Andrew.Masterson at nuvistaenergy.com> wrote:
> First thing I would do is a testparm -v on both the old and new boxes, and do a diff -a on those files to see what has changed.
> Samba changes default options between versions so what may have worked on an older version is not guaranteed to work on the new ones.
> Also, what does your krb5.conf file look like?
> -=Andrew

More information about the samba mailing list