[Samba] session setup failed: NT_STATUS_NO_IMPERSONATION_TOKEN

Luc Lalonde luc.lalonde at polymtl.ca
Tue Jul 9 18:22:44 UTC 2024


Yes, not using SSSD, only WINBIND

On 7/9/24 2:15 PM, Rowland Penny via samba wrote:
> On Tue, 9 Jul 2024 18:29:15 +0100
> Rowland Penny via samba <samba at lists.samba.org> wrote:
>
>> On Tue, 9 Jul 2024 11:31:04 -0400
>> Luc Lalonde via samba <samba at lists.samba.org> wrote:
>>
>>> Hello,
>>>
>>> This problem has come back for me and I can't seem to get around it.
>>>
>>> When I try to access a share, I get this error:
>>>
>>> session setup failed: NT_STATUS_NO_IMPERSONATION_TOKEN
>>>
>>> Here's what I have in the logs (samba-4.20.1-1.el9.x86_64):
>>>
>>> [2024/07/09 11:22:26.747013,  3]
>>> ../../auth/kerberos/gssapi_pac.c:120(gssapi_obtain_pac_blob)
>>>     gssapi_obtain_pac_blob: obtaining PAC via GSSAPI
>>> gss_get_name_attribute failed: The operation or option is not
>>> available or unsupported: No such file or directory
>>> [2024/07/09 11:22:26.747103,  1]
>>> ../../auth/gensec/gensec_util.c:70(gensec_generate_session_info_pac)
>>>     gensec_generate_session_info_pac: Unable to find PAC in ticket
>>> from username at EXAMPLE.ORG, failing to allow access
>>>
>>> This file server is joined to an Active Directory server and I'm
>>> able to use Winbind to authenticate users without any problems. NFS
>>> mounts are working too.
>>>
>>> I've even removed the keytab, and machine credentials in AD and
>>> rejoined... same problem.
>>>
>>> Here's the command I used:
>>>
>>> realm join --membership-software=samba --computer-ou=OU=Services
>>> --client-software=winbind example.org
>>>
>>> Any ideas?
>> Yes, stop using a freeipa command to join AD, use this instead:
>>
>> net ads join -U administrator
>>
>> Also, have you set up the smb.conf, /etc/krb5.conf etc. correctly?
>>
>> Rowland
>>
>>
> Adding to the above, are you running winbind? Also, have you turned off
> sssd?
>
> Rowland
>
-- 
Luc Lalonde, analyst
-----------------------------
Département de génie informatique et génie logiciel:
École polytechnique de MTL
(514) 340-4711 x5049
Luc.Lalonde at polymtl.ca
-----------------------------



