[Samba] Cannot authenticate the administrator account

Rowland Penny rowlandpenny at googlemail.com
Wed Apr 22 09:15:07 MDT 2015


On 22/04/15 16:09, L.P.H. van Belle wrote:
> ahh. stupid me.. yes..
>
> but this should have worked, with the correct pass..
> echo ${SAMBA_NT_ADMIN_PASS}| smbclient //localhost/netlogon -U Administrator -c 'ls'
>
> Thanx for pointing me.. ;-)
>
> Greetz,
>
> Louis
>
>> -----Oorspronkelijk bericht-----
>> Van: rowlandpenny at googlemail.com
>> [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>> Verzonden: woensdag 22 april 2015 17:02
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] Cannot authenticate the administrator account
>>
>> On 22/04/15 15:04, L.P.H. van Belle wrote:
>>> Are you sure you have the "correct" administrator password ..
>>>    
>>> this should work ,  echo ${SAMBA_NT_ADMIN_PASS}| smbclient
>> //localhost/netlogon -U Administrator -c 'ls'
>>> that does not involve kerberos yet..
>>>    
>>> Please run:
>>>    
>>> SETHOSTNAME=`hostname -s`
>>> SETDNSDOMAIN=`hostname -d`
>>> SETFQDN=`hostname -f`
>>>
>>> host -t SRV _ldap._tcp.${SETDNSDOMAIN}.
>>>
>>> host -t SRV _kerberos._udp.${SETDNSDOMAIN}.
>>>     
>>> host -t A ${SETHOSTNAME}.${SETDNSDOMAIN}.
>>>
>>> and
>>> cat /etc/hosts
>>>    
>>> and these are your DC's ips?
>>>    
>>> nameserver 75.75.76.76
>>> nameserver 75.75.75.75
>>>
>>>    
>>> Greetz,
>>>    
>>> Louis
>>>    
>>>
>>>
>>>
>>>    
>>> Van: Mike [mailto:1100100 at gmail.com]
>>> Verzonden: woensdag 22 april 2015 15:45
>>> Aan: L.P.H. van Belle
>>> CC: samba at lists.samba.org
>>> Onderwerp: Re: [Samba] Cannot authenticate the administrator account
>>>
>>>
>>>
>>>
>>> On Wed, Apr 22, 2015 at 7:27 AM, L.P.H. van Belle
>> <belle at bazuin.nl> wrote:
>>> can you try the following..
>>> and post the result back.
>>> and /etc/resolv.conf
>>> and /etc/krb5.conf
>>>
>>> copy past it, but set the admin pass fist.
>>> then whats the output.
>>>
>>> SAMBA_NT_ADMIN_PASS="PUT_YOUR-ADMINISTRATOR_PASSWORD_HERE"
>>> SETFQDN=`hostname -f`
>>>
>>> echo "NT Authentication test"
>>> echo ${SAMBA_NT_ADMIN_PASS}| smbclient //localhost/netlogon
>> -U Administrator -c 'ls'
>>> echo "Kerberos Authentication"
>>> echo ${SAMBA_NT_ADMIN_PASS} | kinit Administrator
>>> smbclient //${SETFQDN}/netlogon -U Administrator -c 'ls' -k
>>> kdestroy
>>>
>>>
>>> [root at a10 ~]# cat /etc/resolv.conf
>>> # Generated by NetworkManager
>>> search conpago.mwllc.info
>>> nameserver 75.75.76.76
>>> nameserver 75.75.75.75
>>> [root at a10 etc]# cat krb5.conf
>>> [libdefaults]
>>>       default_realm = MWLLC.INFO
>>>       dns_lookup_realm = false
>>>       dns_lookup_kdc = true
>>>
>>>
>>> [root at a10 etc]# SETFQDN=`hostname -f`
>>> [root at a10 etc]# echo "NT Authentication test"
>>> NT Authentication test
>>> [root at a10 etc]# echo ${SAMBA_NT_ADMIN_PASS}| smbclient
>> //localhost/netlogon -U Administrator -c 'ls'
>>> Enter Administrator's password:
>>> session setup failed: NT_STATUS_LOGON_FAILURE
>>> [root at a10 etc]# echo "Kerberos Authentication"
>>> Kerberos Authentication
>>> [root at a10 etc]# echo ${SAMBA_NT_ADMIN_PASS} | kinit Administrator
>>> kinit: Cannot find KDC for realm "MWLLC.INFO" while getting
>> initial credentials
>>> [root at a10 etc]# smbclient //${SETFQDN}/netlogon -U
>> Administrator -c 'ls' -k
>>> cli_session_setup_kerberos: spnego_gen_krb5_negTokenInit
>> failed: No such file or directory
>>> session setup failed: NT_STATUS_UNSUCCESSFUL
>>> [root at a10 etc]# kdestroy
>>>
>>>
>>>
>>>
>> Hi Louis, did you miss this:
>>
>> [root at a10 ~]# cat /etc/resolv.conf
>> # Generated by NetworkManager
>> search conpago.mwllc.info
>> nameserver 75.75.76.76
>> nameserver 75.75.75.75
>>
>> His realm (from krb5.conf) is 'MWLLC.INFO'
>>
>> Rowland
>>
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
yes, but (yet another thing) what is in /etc/hosts ?

Rowland




More information about the samba mailing list