[Samba] session setup failed: NT_STATUS_NO_IMPERSONATION_TOKEN

Luc Lalonde Luc.Lalonde at polymtl.ca
Tue Jul 26 20:45:40 UTC 2022

Wow, that did the trick! I historically joined using 'msktutil' with
the '--no-pac' option for some reason that I can't recall.

I retried the same command omitting this option and everything is 
working great now.

Why did this work in the past and it no longer works now?


On 2022-07-26 16:06, Andrew Bartlett wrote:
> On Tue, 2022-07-26 at 15:43 -0400, Luc Lalonde via samba wrote:
>> Hello all,
>>
>> I'm having issues configuring a new Samba server on a Debian-11
>> instance (Samba 4.13.13).
>>
>> What's working:
>>    * Winbind authentication
>>    * NFSv4 exports using gss/krb5
>>
>> And not working:
>>    * Samba user homes exports
>>
>> Here's the error when I try to access the share:
>>
>> smbclient //fs1.example.com/wadmin -U  -g EXAMPLE.COM
>> Password for [EXAMPLE\wadmin]:
>> session setup failed: NT_STATUS_NO_IMPERSONATION_TOKEN
>
> This means you have configured the AD account that you have created
> manually for Samba to refuse to send Samba a Kerberos PAC.
>
> A normal domain join should work.
>
> Andrew Bartlett

Luc Lalonde, analyst
Département de génie informatique:
École polytechnique de MTL
(514) 340-4711 x5049
Luc.Lalonde at polymtl.ca
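
A check for the condition described in the quoted reply, added here as an example and not part of the original thread. It assumes the account setting behind '--no-pac' is the NO_AUTH_DATA_REQUIRED bit (0x2000000) of userAccountControl; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list AD accounts for which the KDC
# omits the PAC, i.e. userAccountControl has NO_AUTH_DATA_REQUIRED set.
# Input is LDIF on stdin, for instance from:
#   ldapsearch -Y GSSAPI -b "dc=example,dc=com" "(objectClass=computer)" \
#       sAMAccountName userAccountControl

UF_NO_AUTH_DATA_REQUIRED=33554432   # 0x2000000

# Print the entry's name if its flag is set; ignore incomplete entries.
_emit_if_pac_disabled() {
    [ -n "$name" ] && [ -n "$uac" ] || return 0
    case $uac in *[!0-9]*) return 0 ;; esac      # not a plain integer
    if [ $(( $uac & $UF_NO_AUTH_DATA_REQUIRED )) -ne 0 ]; then
        printf '%s\n' "$name"
    fi
}

# Entries are separated by blank lines; attribute order does not matter.
pac_disabled_accounts() {
    name='' uac=''
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            'sAMAccountName: '*)     name=${line#sAMAccountName: } ;;
            'userAccountControl: '*) uac=${line#userAccountControl: } ;;
            '')                      _emit_if_pac_disabled; name='' uac='' ;;
        esac
    done
    _emit_if_pac_disabled   # last entry may lack a trailing blank line
}

# Constructed sample (not real directory data): FS1$ carries
# WORKSTATION_TRUST_ACCOUNT (4096) plus NO_AUTH_DATA_REQUIRED, FS2$ only 4096.
sample_ldif() {
    cat <<'EOF'
dn: CN=FS1,CN=Computers,DC=example,DC=com
sAMAccountName: FS1$
userAccountControl: 33558528

dn: CN=FS2,CN=Computers,DC=example,DC=com
userAccountControl: 4096
sAMAccountName: FS2$
EOF
}

sample_ldif | pac_disabled_accounts
```

An account listed by this check is one whose service tickets arrive without a PAC.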
