[Samba] Cannot authenticate the administrator account
Rowland Penny
rowlandpenny at googlemail.com
Wed Apr 22 09:09:38 MDT 2015
On 22/04/15 16:01, Rowland Penny wrote:
> On 22/04/15 15:04, L.P.H. van Belle wrote:
>> Are you sure you have the "correct" administrator password ..
>> this should work, echo ${SAMBA_NT_ADMIN_PASS}| smbclient //localhost/netlogon -U Administrator -c 'ls'
>> that does not involve kerberos yet..
>> Please run:
>> SETHOSTNAME=`hostname -s`
>> SETDNSDOMAIN=`hostname -d`
>> SETFQDN=`hostname -f`
>>
>> host -t SRV _ldap._tcp.${SETDNSDOMAIN}.
>>
>> host -t SRV _kerberos._udp.${SETDNSDOMAIN}.
>> host -t A ${SETHOSTNAME}.${SETDNSDOMAIN}.
>>
>> and
>> cat /etc/hosts
>> and these are your DC's ips?
>> nameserver 75.75.76.76
>> nameserver 75.75.75.75
>>
>> Greetz,
>> Louis
>>
>>
>>
>> From: Mike [mailto:1100100 at gmail.com]
>> Sent: Wednesday 22 April 2015 15:45
>> To: L.P.H. van Belle
>> CC: samba at lists.samba.org
>> Subject: Re: [Samba] Cannot authenticate the administrator account
>>
>>
>>
>>
>> On Wed, Apr 22, 2015 at 7:27 AM, L.P.H. van Belle <belle at bazuin.nl>
>> wrote:
>> can you try the following..
>> and post the result back.
>> and /etc/resolv.conf
>> and /etc/krb5.conf
>>
>> copy paste it, but set the admin pass first.
>> then what's the output.
>>
>> SAMBA_NT_ADMIN_PASS="PUT_YOUR-ADMINISTRATOR_PASSWORD_HERE"
>> SETFQDN=`hostname -f`
>>
>> echo "NT Authentication test"
>> echo ${SAMBA_NT_ADMIN_PASS}| smbclient //localhost/netlogon -U Administrator -c 'ls'
>>
>> echo "Kerberos Authentication"
>> echo ${SAMBA_NT_ADMIN_PASS} | kinit Administrator
>> smbclient //${SETFQDN}/netlogon -U Administrator -c 'ls' -k
>> kdestroy
>>
>>
>> [root@a10 ~]# cat /etc/resolv.conf
>> # Generated by NetworkManager
>> search conpago.mwllc.info
>> nameserver 75.75.76.76
>> nameserver 75.75.75.75
>> [root@a10 etc]# cat krb5.conf
>> [libdefaults]
>> default_realm = MWLLC.INFO
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>>
>>
>> [root@a10 etc]# SETFQDN=`hostname -f`
>> [root@a10 etc]# echo "NT Authentication test"
>> NT Authentication test
>> [root@a10 etc]# echo ${SAMBA_NT_ADMIN_PASS}| smbclient //localhost/netlogon -U Administrator -c 'ls'
>> Enter Administrator's password:
>> session setup failed: NT_STATUS_LOGON_FAILURE
>> [root@a10 etc]# echo "Kerberos Authentication"
>> Kerberos Authentication
>> [root@a10 etc]# echo ${SAMBA_NT_ADMIN_PASS} | kinit Administrator
>> kinit: Cannot find KDC for realm "MWLLC.INFO" while getting initial credentials
>> [root@a10 etc]# smbclient //${SETFQDN}/netlogon -U Administrator -c 'ls' -k
>> cli_session_setup_kerberos: spnego_gen_krb5_negTokenInit failed: No such file or directory
>> session setup failed: NT_STATUS_UNSUCCESSFUL
>> [root@a10 etc]# kdestroy
>>
>>
>>
>>
>
> Hi Louis, did you miss this:
>
> [root@a10 ~]# cat /etc/resolv.conf
> # Generated by NetworkManager
> search conpago.mwllc.info
> nameserver 75.75.76.76
> nameserver 75.75.75.75
>
> His realm (from krb5.conf) is 'MWLLC.INFO'
>
> Rowland
>
And another thing, why is NetworkManager setting /etc/resolv.conf anyway?
The DC IP info should be in /etc/network/interfaces (on Debian) and
NetworkManager removed.
Rowland
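
The mismatch pointed out in this thread (realm MWLLC.INFO in krb5.conf against search domain conpago.mwllc.info and the two listed nameservers in resolv.conf) can be checked offline with a short script. This is an added example, not part of the original thread: the function names are hypothetical and the sample files are rebuilt from the configuration quoted above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Samba or krb5.

# Print default_realm from a krb5.conf-style file.
krb5_realm() {
    sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1" | head -n 1
}

# Print the values after a resolv.conf keyword (search, nameserver), one per line.
resolv_values() {
    awk -v key="$2" '$1 == key { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Return 0 if the realm's DNS domain is in the search list, 1 if not,
# 2 if no realm is configured. Also print the SRV query to run per nameserver.
check_kdc_dns() {
    realm=$(krb5_realm "$1")
    [ -n "$realm" ] || { echo "FAIL no default_realm in $1"; return 2; }
    domain=$(printf '%s' "$realm" | tr '[:upper:]' '[:lower:]')
    search=$(resolv_values "$2" search)
    rc=0
    if printf '%s\n' "$search" | grep -qixF "$domain"; then
        echo "OK search list contains $domain"
    else
        echo "WARN search list lacks $domain; found: $(echo $search)"
        rc=1
    fi
    # With dns_lookup_kdc = true the KDC is located through this SRV record.
    for ns in $(resolv_values "$2" nameserver); do
        echo "CHECK host -t SRV _kerberos._udp.$domain. $ns"
    done
    return $rc
}

# Sample files rebuilt from the krb5.conf and resolv.conf quoted in the thread.
demo() {
    d=$(mktemp -d)
    printf '[libdefaults]\ndefault_realm = MWLLC.INFO\ndns_lookup_kdc = true\n' > "$d/krb5.conf"
    printf 'search conpago.mwllc.info\nnameserver 75.75.76.76\nnameserver 75.75.75.75\n' > "$d/resolv.conf"
    demo_rc=0
    check_kdc_dns "$d/krb5.conf" "$d/resolv.conf" || demo_rc=$?
    rm -rf "$d"
    return $demo_rc
}

demo || echo "mismatch reported (exit $?)"
```

Each CHECK line is a query to run by hand against that nameserver; a server that is really the DC answers it with the KDC's SRV record.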