[Samba] Oracle 11 nts authentication againts samba4 AD DC

schnaggy samba at schnaggy.de
Thu Mar 5 02:24:10 MST 2015

Izan Díez Sánchez <ids <at> empre.es> writes:

> Hi again. I apologize for my vague previous question. After some 
> investigation I can be much more precise in my consult. Furthermore, I 
> think I found a bug...
> Context:
> -Samba4 AD DC working fine with many user and machine accouns.
> -Windows7 client trying to connect via sqlplus to an oracle database 
> residing in a Windows2008 server. Both machines are in the domain.
> -Server database is using Operating System Authentication, i.e. it 
> relies on the client to authenticate the user connecting to the 
> database. The user is a Domain User, therefore eventually authentication 
> falls to the domain controller and kerberos.
> Error:
> -ORA-12638: Credential retrieval failed.

Hi Izan,

same problem here. With your hint - the missing dollar sign - we tried the
following: Using ldbedit we removed the '$' from the saMAccount property and
the oracle sqlplus authentication worked.
Unfortunately this is not a well working workaround because now the
remotedesktop authentication doesn't work any longer.
After the horrible Credentialmanager Problem -
https://bugzilla.samba.org/show_bug.cgi?id=11097 - this is the second bug,
not to use samba 4.1 AD within a production env. 
We use the sernet debian packages 4.1.17-9.

Hope someone will soon fix this.



More information about the samba mailing list