[Samba] smbclient kerberos AD and = not found in Kerberos database

lejeczek peljasz at yahoo.co.uk
Thu Jun 2 10:58:43 UTC 2016 

dear users

I've followed sssd wiki and I think I have my samba AD run 
as a member - I can get to it's shares from a win10 box, 
moreover I can get to win10's share from the samba server 
itself(with passwords).

I can also get to DC's shares, but when on the samba server 
itself I do:

smbclient -L //samba -U me at MY.PRIVATE.DOM.LOCAL -d4

Connecting to 10.5.6.32 at port 445
  session request ok
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
   NTLMSSP_NEGOTIATE_UNICODE
   NTLMSSP_REQUEST_TARGET
   NTLMSSP_NEGOTIATE_SIGN
   NTLMSSP_NEGOTIATE_NTLM
   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
   NTLMSSP_TARGET_TYPE_DOMAIN
   NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
   NTLMSSP_NEGOTIATE_TARGET_INFO
   NTLMSSP_NEGOTIATE_VERSION
   NTLMSSP_NEGOTIATE_128
   NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
   NTLMSSP_NEGOTIATE_UNICODE
   NTLMSSP_REQUEST_TARGET
   NTLMSSP_NEGOTIATE_SIGN
   NTLMSSP_NEGOTIATE_NTLM
   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
   NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
   NTLMSSP_NEGOTIATE_VERSION
   NTLMSSP_NEGOTIATE_128
   NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
   NTLMSSP_NEGOTIATE_UNICODE
   NTLMSSP_REQUEST_TARGET
   NTLMSSP_NEGOTIATE_SIGN
   NTLMSSP_NEGOTIATE_NTLM
   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
   NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
   NTLMSSP_NEGOTIATE_VERSION
   NTLMSSP_NEGOTIATE_128
   NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE

and in samba logs:

[2016/06/02 11:57:27.586716, 0] 
../source3/auth/auth_domain.c:265(domain_client_validate)
   domain_client_validate: Domain password server not available.

I there something I should check first before dumping the 
configs on the list?

many thanks.

L.

More information about the samba mailing list