[Samba] NT_STATUS_ACCESS_DENIED when issuing smbclient -k
Marlon Franco
lonmarlon at yahoo.com
Mon Feb 24 14:56:39 UTC 2020
Hi,
I migrated our OLD system to a NEW Debian 10
I can verify that ldap and kerberos are working but i am having issue with samba which is also configured for kerberos
NEW - Debian Buster with samba 4.9.5
OLD - Debian Wheezy with Samba 3.6.6
root at sample:~# kinit abcd
Password for abcd at TEST.DE:
root at sample:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: abcd at TEST.DE
Valid starting Expires Service principal
02/24/2020 11:00:47 02/24/2020 21:00:47 krbtgt/test.de at TEST.DE
renew until 03/02/2020 11:00:47
root at sample:~# smbclient -k -L //sample.test.de/ -d 2
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
added interface enp0s3 ip=10.0.2.15 bcast=10.0.2.255 netmask=255.255.255.0
session setup failed: NT_STATUS_ACCESS_DENIED
root at sample:~# smbclient -L localhost -Uabcd
Enter TEST.DE\abcd's password:
session setup failed: NT_STATUS_LOGON_FAILURE
root at sample:~# klist -kte
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp Principal
---- ------------------- ------------------------------------------------------
2 07/17/2013 07:22:50 cifs/sample at TEST.DE (arcfour-hmac)
2 07/17/2013 07:22:21 cifs/sample.test.de at TEST.DE (arcfour-hmac)
root at sample:~# kvno cifs/sample at TEST.DE
cifs/sample at TEST.DE: kvno = 2
here is my smb.conf
[global]
workgroup = test.de
security = user
realm = TEST.DE
kerberos method = system keytab
domain logons = yes
logon path = \\%N\%U\windowsprofile
logon drive = H:
logon home = \\%N\%U
wins support = no
logon script = logon.cmd
add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
log file = /var/log/samba/log.%m
max log size = 1000
More information about the samba
mailing list