[Samba] Cannot authenticate the administrator account

Rowland Penny rowlandpenny at googlemail.com
Wed Apr 22 09:01:43 MDT 2015 

On 22/04/15 15:04, L.P.H. van Belle wrote:
> Are you sure you have the "correct" administrator password ..
>   
> this should work ,  echo ${SAMBA_NT_ADMIN_PASS}| smbclient //localhost/netlogon -U Administrator -c 'ls'
> that does not involve kerberos yet..
>   
> Please run:
>   
> SETHOSTNAME=`hostname -s`
> SETDNSDOMAIN=`hostname -d`
> SETFQDN=`hostname -f`
>
> host -t SRV _ldap._tcp.${SETDNSDOMAIN}.
>
> host -t SRV _kerberos._udp.${SETDNSDOMAIN}.
>    
> host -t A ${SETHOSTNAME}.${SETDNSDOMAIN}.
>
> and
> cat /etc/hosts
>   
> and these are your DC's ips?
>   
> nameserver 75.75.76.76
> nameserver 75.75.75.75
>
>   
> Greetz,
>   
> Louis
>   
>
>
>
>   
> Van: Mike [mailto:1100100 at gmail.com]
> Verzonden: woensdag 22 april 2015 15:45
> Aan: L.P.H. van Belle
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] Cannot authenticate the administrator account
>
>
>
>
> On Wed, Apr 22, 2015 at 7:27 AM, L.P.H. van Belle <belle at bazuin.nl> wrote:
> can you try the following..
> and post the result back.
> and /etc/resolv.conf
> and /etc/krb5.conf
>
> copy past it, but set the admin pass fist.
> then whats the output.
>
> SAMBA_NT_ADMIN_PASS="PUT_YOUR-ADMINISTRATOR_PASSWORD_HERE"
> SETFQDN=`hostname -f`
>
> echo "NT Authentication test"
> echo ${SAMBA_NT_ADMIN_PASS}| smbclient //localhost/netlogon -U Administrator -c 'ls'
>
> echo "Kerberos Authentication"
> echo ${SAMBA_NT_ADMIN_PASS} | kinit Administrator
> smbclient //${SETFQDN}/netlogon -U Administrator -c 'ls' -k
> kdestroy
>
>
> [root at a10 ~]# cat /etc/resolv.conf
> # Generated by NetworkManager
> search conpago.mwllc.info
> nameserver 75.75.76.76
> nameserver 75.75.75.75
> [root at a10 etc]# cat krb5.conf
> [libdefaults]
>      default_realm = MWLLC.INFO
>      dns_lookup_realm = false
>      dns_lookup_kdc = true
>
>
> [root at a10 etc]# SETFQDN=`hostname -f`
> [root at a10 etc]# echo "NT Authentication test"
> NT Authentication test
> [root at a10 etc]# echo ${SAMBA_NT_ADMIN_PASS}| smbclient //localhost/netlogon -U Administrator -c 'ls'
> Enter Administrator's password:
> session setup failed: NT_STATUS_LOGON_FAILURE
> [root at a10 etc]# echo "Kerberos Authentication"
> Kerberos Authentication
> [root at a10 etc]# echo ${SAMBA_NT_ADMIN_PASS} | kinit Administrator
> kinit: Cannot find KDC for realm "MWLLC.INFO" while getting initial credentials
> [root at a10 etc]# smbclient //${SETFQDN}/netlogon -U Administrator -c 'ls' -k
> cli_session_setup_kerberos: spnego_gen_krb5_negTokenInit failed: No such file or directory
> session setup failed: NT_STATUS_UNSUCCESSFUL
> [root at a10 etc]# kdestroy
>
>
>
>

Hi Louis, did you miss this:

[root at a10 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search conpago.mwllc.info
nameserver 75.75.76.76
nameserver 75.75.75.75

His realm (from krb5.conf) is 'MWLLC.INFO'

Rowland

More information about the samba mailing list