[Samba] session setup failed: NT_STATUS_NO_IMPERSONATION_TOKEN
Peter Milesson
miles at atmos.eu
Tue Jul 9 15:42:19 UTC 2024
On 09.07.2024 17:31, Luc Lalonde via samba wrote:
> Hello,
>
> This problem has come back for me and I can't seem to get around it.
>
> When I try to access a share, I get this error:
>
> session setup failed: NT_STATUS_NO_IMPERSONATION_TOKEN
>
> Here's what I have in the logs (samba-4.20.1-1.el9.x86_64):
>
> [2024/07/09 11:22:26.747013, 3]
> ../../auth/kerberos/gssapi_pac.c:120(gssapi_obtain_pac_blob)
> gssapi_obtain_pac_blob: obtaining PAC via GSSAPI
> gss_get_name_attribute failed: The operation or option is not
> available or unsupported: No such file or directory
> [2024/07/09 11:22:26.747103, 1]
> ../../auth/gensec/gensec_util.c:70(gensec_generate_session_info_pac)
> gensec_generate_session_info_pac: Unable to find PAC in ticket from
> username at EXAMPLE.ORG, failing to allow access
>
> This file server is joined to an Active Directory server and I'm able
> to use Winbind to authenticate users without any problems.. NFS mounts
> are working too.
>
> I've even removed the keytab, and machine credentials in AD and
> rejoined... same problem.
>
> Here's the command I used:
>
> realm join --membership-software=samba --computer-ou=OU=Services
> --client-software=winbind example.org
>
> Any ideas?
>
> Thank You!
>
Hi Luc,
The realm command is not a Samba command AFAIK. sssd problem?
Make sure you have winbind installed and configured and sssd
uninstalled. Also check that nscd is not installed, or at least not active.
Read
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Joining_the_Domain
Best regards,
Peter
More information about the samba
mailing list