[Samba] session setup failed: NT_STATUS_NO_IMPERSONATION_TOKEN
Luc Lalonde
luc.lalonde at polymtl.ca
Tue Jul 9 17:15:02 UTC 2024
Hello Peter,
This system only uses Winbind and NSCD is not installed.
I also tried with these commands and I get the same problem:
net ads join -UAdministrator
net ads keytab add_update_ads nfs/$(hostname -f) -U Administrator
net ads keytab add_update_ads nfs/$(hostname -s) -U Administrator
Thanks.
On 7/9/24 11:42 AM, Peter Milesson via samba wrote:
>
>
> On 09.07.2024 17:31, Luc Lalonde via samba wrote:
>> Hello,
>>
>> This problem has come back for me and I can't seem to get around it.
>>
>> When I try to access a share, I get this error:
>>
>> session setup failed: NT_STATUS_NO_IMPERSONATION_TOKEN
>>
>> Here's what I have in the logs (samba-4.20.1-1.el9.x86_64):
>>
>> [2024/07/09 11:22:26.747013, 3]
>> ../../auth/kerberos/gssapi_pac.c:120(gssapi_obtain_pac_blob)
>> gssapi_obtain_pac_blob: obtaining PAC via GSSAPI
>> gss_get_name_attribute failed: The operation or option is not
>> available or unsupported: No such file or directory
>> [2024/07/09 11:22:26.747103, 1]
>> ../../auth/gensec/gensec_util.c:70(gensec_generate_session_info_pac)
>> gensec_generate_session_info_pac: Unable to find PAC in ticket from
>> username at EXAMPLE.ORG, failing to allow access
>>
>> This file server is joined to an Active Directory server and I'm able
>> to use Winbind to authenticate users without any problems.. NFS
>> mounts are working too.
>>
>> I've even removed the keytab, and machine credentials in AD and
>> rejoined... same problem.
>>
>> Here's the command I used:
>>
>> realm join --membership-software=samba --computer-ou=OU=Services
>> --client-software=winbind example.org
>>
>> Any ideas?
>>
>> Thank You!
>>
> Hi Luc,
>
> The realm command is not a Samba command AFAIK. sssd problem?
>
> Make sure you have winbind installed and configured and sssd
> uninstalled. Also check that nscd is not installed, or at least not
> active.
>
> Read
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Joining_the_Domain
>
> Best regards,
>
> Peter
>
>
--
Luc Lalonde, analyste
-----------------------------
Département de génie informatique et génie logiciel:
École polytechnique de MTL
(514) 340-4711 x5049
Luc.Lalonde at polymtl.ca
-----------------------------
More information about the samba
mailing list