[Samba] Cannot authenticate the administrator account
L.P.H. van Belle
belle at bazuin.nl
Wed Apr 22 09:09:08 MDT 2015
ahh. stupid me.. yes..
but this should have worked, with the correct pass..
echo ${SAMBA_NT_ADMIN_PASS}| smbclient //localhost/netlogon -U Administrator -c 'ls'
Thanx for pointing me.. ;-)
Greetz,
Louis
>-----Oorspronkelijk bericht-----
>Van: rowlandpenny at googlemail.com
>[mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>Verzonden: woensdag 22 april 2015 17:02
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] Cannot authenticate the administrator account
>
>On 22/04/15 15:04, L.P.H. van Belle wrote:
>> Are you sure you have the "correct" administrator password ..
>>
>> this should work , echo ${SAMBA_NT_ADMIN_PASS}| smbclient
>//localhost/netlogon -U Administrator -c 'ls'
>> that does not involve kerberos yet..
>>
>> Please run:
>>
>> SETHOSTNAME=`hostname -s`
>> SETDNSDOMAIN=`hostname -d`
>> SETFQDN=`hostname -f`
>>
>> host -t SRV _ldap._tcp.${SETDNSDOMAIN}.
>>
>> host -t SRV _kerberos._udp.${SETDNSDOMAIN}.
>>
>> host -t A ${SETHOSTNAME}.${SETDNSDOMAIN}.
>>
>> and
>> cat /etc/hosts
>>
>> and these are your DC's ips?
>>
>> nameserver 75.75.76.76
>> nameserver 75.75.75.75
>>
>>
>> Greetz,
>>
>> Louis
>>
>>
>>
>>
>>
>> Van: Mike [mailto:1100100 at gmail.com]
>> Verzonden: woensdag 22 april 2015 15:45
>> Aan: L.P.H. van Belle
>> CC: samba at lists.samba.org
>> Onderwerp: Re: [Samba] Cannot authenticate the administrator account
>>
>>
>>
>>
>> On Wed, Apr 22, 2015 at 7:27 AM, L.P.H. van Belle
><belle at bazuin.nl> wrote:
>> can you try the following..
>> and post the result back.
>> and /etc/resolv.conf
>> and /etc/krb5.conf
>>
>> copy past it, but set the admin pass fist.
>> then whats the output.
>>
>> SAMBA_NT_ADMIN_PASS="PUT_YOUR-ADMINISTRATOR_PASSWORD_HERE"
>> SETFQDN=`hostname -f`
>>
>> echo "NT Authentication test"
>> echo ${SAMBA_NT_ADMIN_PASS}| smbclient //localhost/netlogon
>-U Administrator -c 'ls'
>>
>> echo "Kerberos Authentication"
>> echo ${SAMBA_NT_ADMIN_PASS} | kinit Administrator
>> smbclient //${SETFQDN}/netlogon -U Administrator -c 'ls' -k
>> kdestroy
>>
>>
>> [root at a10 ~]# cat /etc/resolv.conf
>> # Generated by NetworkManager
>> search conpago.mwllc.info
>> nameserver 75.75.76.76
>> nameserver 75.75.75.75
>> [root at a10 etc]# cat krb5.conf
>> [libdefaults]
>> default_realm = MWLLC.INFO
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>>
>>
>> [root at a10 etc]# SETFQDN=`hostname -f`
>> [root at a10 etc]# echo "NT Authentication test"
>> NT Authentication test
>> [root at a10 etc]# echo ${SAMBA_NT_ADMIN_PASS}| smbclient
>//localhost/netlogon -U Administrator -c 'ls'
>> Enter Administrator's password:
>> session setup failed: NT_STATUS_LOGON_FAILURE
>> [root at a10 etc]# echo "Kerberos Authentication"
>> Kerberos Authentication
>> [root at a10 etc]# echo ${SAMBA_NT_ADMIN_PASS} | kinit Administrator
>> kinit: Cannot find KDC for realm "MWLLC.INFO" while getting
>initial credentials
>> [root at a10 etc]# smbclient //${SETFQDN}/netlogon -U
>Administrator -c 'ls' -k
>> cli_session_setup_kerberos: spnego_gen_krb5_negTokenInit
>failed: No such file or directory
>> session setup failed: NT_STATUS_UNSUCCESSFUL
>> [root at a10 etc]# kdestroy
>>
>>
>>
>>
>
>Hi Louis, did you miss this:
>
>[root at a10 ~]# cat /etc/resolv.conf
># Generated by NetworkManager
>search conpago.mwllc.info
>nameserver 75.75.76.76
>nameserver 75.75.75.75
>
>His realm (from krb5.conf) is 'MWLLC.INFO'
>
>Rowland
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list