[Samba] NT_STATUS_NOT_SUPPORTED

L.P.H. van Belle belle at bazuin.nl
Tue Apr 8 02:26:28 MDT 2014 

Which samba version are you using ? 
And which linux distro are you using?

That would be nice to know. 
 

>-----Oorspronkelijk bericht-----
>Van: Andre.Kruger at TRW.COM 
>[mailto:samba-bounces at lists.samba.org] Namens Andre Kruger
>Verzonden: dinsdag 8 april 2014 10:10
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] NT_STATUS_NOT_SUPPORTED
>
>Hi
>
>My Windows folks made security changes in AD that caused my 
>Samba server to not work with AD anymore. Clients could not 
>authenticate to their shares using their AD credentials 
>anymore. Looking at the Samba log I could see error so I 
>decided to reset the Computer account and to rejoin Samba to AD again.
>
>When I tried to join Samba to AD, "net ads join -U username", 
>I got the following error:
>
>[2014/04/08 09:39:48.298129,  0] libads/sasl.c:823()
>  kinit succeeded but ads_sasl_spnego_krb5_bind failed: Strong 
>authentication required
>Failed to join domain: failed to connect to AD: Strong 
>authentication required
>
>I was able to coerce google into telling me that in order to 
>remedy this error I need to add
>
>"client ldap sasl wrapping = sign"
>
>to my smb.conf file. After adding this line of code I get a 
>new error when I try and join my AD
>
>[2014/04/08 09:40:39.131936,  0] libads/sasl.c:823()
>  kinit succeeded but ads_sasl_spnego_krb5_bind failed: 
>NT_STATUS_NOT_SUPPORTED
>Failed to join domain: failed to connect to AD: NT_STATUS_NOT_SUPPORTED
>
>and I have not been able to persuade google to give this answer up.
>
>I am sure Kerberos works. When I test it, "kinit 
>sambatest at AD.TRW.COM", the test succeeds. I don't get an 
>error. And I can view the ticket with klist.
>
>What does the "NT_STATUS_NOT_SUPPORTED" mean and how do I remedy it?
>
>Here is a copy of my global section:
>
>[global]
>        workgroup = ADTRW
>        realm = AD.TRW.COM
>        server string = SAtlZA-ZFS
>        security = ADS
>        log file = /var/samba/log/log.%m
>        max log size = 500
>        client ldap sasl wrapping = sign
>        load printers = No
>        local master = No
>        domain master = No
>        dns proxy = No
>        idmap uid = 20000-800000
>        idmap gid = 20000-800000
>        winbind separator = +
>        winbind enum users = Yes
>        winbind enum groups = Yes
>        winbind use default domain = Yes
>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list