[Samba] NT_STATUS_NOT_SUPPORTED
L.P.H. van Belle
belle at bazuin.nl
Tue Apr 8 02:26:28 MDT 2014
Which samba version are you using ?
And which linux distro are you using?
That would be nice to know.
>-----Oorspronkelijk bericht-----
>Van: Andre.Kruger at TRW.COM
>[mailto:samba-bounces at lists.samba.org] Namens Andre Kruger
>Verzonden: dinsdag 8 april 2014 10:10
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] NT_STATUS_NOT_SUPPORTED
>
>Hi
>
>My Windows folks made security changes in AD that caused my
>Samba server to not work with AD anymore. Clients could not
>authenticate to their shares using their AD credentials
>anymore. Looking at the Samba log I could see error so I
>decided to reset the Computer account and to rejoin Samba to AD again.
>
>When I tried to join Samba to AD, "net ads join -U username",
>I got the following error:
>
>[2014/04/08 09:39:48.298129, 0] libads/sasl.c:823()
> kinit succeeded but ads_sasl_spnego_krb5_bind failed: Strong
>authentication required
>Failed to join domain: failed to connect to AD: Strong
>authentication required
>
>I was able to coerce google into telling me that in order to
>remedy this error I need to add
>
>"client ldap sasl wrapping = sign"
>
>to my smb.conf file. After adding this line of code I get a
>new error when I try and join my AD
>
>[2014/04/08 09:40:39.131936, 0] libads/sasl.c:823()
> kinit succeeded but ads_sasl_spnego_krb5_bind failed:
>NT_STATUS_NOT_SUPPORTED
>Failed to join domain: failed to connect to AD: NT_STATUS_NOT_SUPPORTED
>
>and I have not been able to persuade google to give this answer up.
>
>I am sure Kerberos works. When I test it, "kinit
>sambatest at AD.TRW.COM", the test succeeds. I don't get an
>error. And I can view the ticket with klist.
>
>What does the "NT_STATUS_NOT_SUPPORTED" mean and how do I remedy it?
>
>Here is a copy of my global section:
>
>[global]
> workgroup = ADTRW
> realm = AD.TRW.COM
> server string = SAtlZA-ZFS
> security = ADS
> log file = /var/samba/log/log.%m
> max log size = 500
> client ldap sasl wrapping = sign
> load printers = No
> local master = No
> domain master = No
> dns proxy = No
> idmap uid = 20000-800000
> idmap gid = 20000-800000
> winbind separator = +
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
>
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list