[Samba] NT_STATUS_NOT_SUPPORTED
Andre Kruger
Andre.Kruger at TRW.COM
Tue Apr 8 02:10:17 MDT 2014
Hi
My Windows folks made security changes in AD that caused my Samba server to not work with AD anymore. Clients could not authenticate to their shares using their AD credentials anymore. Looking at the Samba log I could see errors, so I decided to reset the Computer account and to rejoin Samba to AD again.
When I tried to join Samba to AD, "net ads join -U username", I got the following error:
[2014/04/08 09:39:48.298129, 0] libads/sasl.c:823()
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Strong authentication required
Failed to join domain: failed to connect to AD: Strong authentication required
I was able to coerce Google into telling me that in order to remedy this error I need to add
"client ldap sasl wrapping = sign"
to my smb.conf file. After adding this line of code I get a new error when I try and join my AD:
[2014/04/08 09:40:39.131936, 0] libads/sasl.c:823()
kinit succeeded but ads_sasl_spnego_krb5_bind failed: NT_STATUS_NOT_SUPPORTED
Failed to join domain: failed to connect to AD: NT_STATUS_NOT_SUPPORTED
and I have not been able to persuade Google to give this answer up.
I am sure Kerberos works. When I test it, "kinit sambatest@AD.TRW.COM", the test succeeds. I don't get an error. And I can view the ticket with klist.
What does the "NT_STATUS_NOT_SUPPORTED" mean and how do I remedy it?
Here is a copy of my global section:
[global]
workgroup = ADTRW
realm = AD.TRW.COM
server string = SAtlZA-ZFS
security = ADS
log file = /var/samba/log/log.%m
max log size = 500
client ldap sasl wrapping = sign
load printers = No
local master = No
domain master = No
dns proxy = No
idmap uid = 20000-800000
idmap gid = 20000-800000
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes