SMBD not authenticating against Active Directory
in [Samba]
|
From: saddam abu ghaida on 28 Nov 2008 21:30 could you add the following and send the generated log files os level = 3 passdb:5 auth:10 winbind:5 * spnego has something to do with this failure regards, saddam abu ghaida On Thu, Nov 27, 2008 at 2:01 AM, Kums <kumaran.rajaram(a)gmail.com> wrote: > Hi, > > Iam trying to setup Samba version 3.2.3 on Redhat (RHEL5) server to use > Active Directory for authentication. I followed the instructions from > article in following website: > http://technet.microsoft.com/en-au/magazine/dd228986.aspx > > Setup Winbind + Samba + Kerberos and it seems to work fine. I can see the > users in Active Directory through winbind as well as authenticate users > using NTLM authentication. > > Problem is that Iam unable to access Samba share from Windows clients as AD > user. Analyzing the network traffic on SMBD port gives: > --- > 10.849969 192.168.97.2 -> 192.168.97.5 SMB Session Setup AndX Request, > NTLMSSP_AUTH, User: TESTDOMAIN\testuser > 10.853302 192.168.97.5 -> 192.168.97.2 SMB Session Setup AndX Response, > Error:STATUS_LOGON_FAILURE > -- > > I can however access the Samba share as local user in the Samba server via > smbpasswd: > --- > 166.059746 192.168.97.2 -> 192.168.97.5 SMB Session Setup AndX Request, > NTLMSSP_AUTH, User: D1950-01\kums > 166.068297 192.168.97.5 -> 192.168.97.2 SMB Session Setup AndX Response > 166.068500 192.168.97.2 -> 192.168.97.5 SMB Tree Connect AndX Request, Path: > \\192.168.97.5\global > 166.068787 192.168.97.5 -> 192.168.97.2 SMB Tree Connect AndX Response > --- > > Winbind gives following error, not sure if this is significant for I can > access the AD via "wbinfo" > [2008/11/26 15:22:58, 1] > libsmb/cliconnect.c:cli_session_setup_kerberos(626) > cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot find > KDC for requested realm > > Please see attached for configuration detail + detailed error log. Googling > helped me to get so far, but not completely resolve this issue. > > Please advise. > > Thanks in Advance, > -Kums > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
From: Kums on 29 Nov 2008 23:30 Hi Saddam, Please find the Samba log file attached with the below log level settings. Sorry for the delay in response. Regards, -Kums On Fri, Nov 28, 2008 at 7:22 PM, saddam abu ghaida < saddam.abughaida(a)gmail.com> wrote: > could you add the following and send the generated log files > > os level = 3 passdb:5 auth:10 winbind:5 > > * spnego has something to do with this failure > > regards, > saddam abu ghaida > > > On Thu, Nov 27, 2008 at 2:01 AM, Kums <kumaran.rajaram(a)gmail.com> wrote: > > Hi, > > > > Iam trying to setup Samba version 3.2.3 on Redhat (RHEL5) server to use > > Active Directory for authentication. I followed the instructions from > > article in following website: > > http://technet.microsoft.com/en-au/magazine/dd228986.aspx > > > > Setup Winbind + Samba + Kerberos and it seems to work fine. I can see the > > users in Active Directory through winbind as well as authenticate users > > using NTLM authentication. > > > > Problem is that Iam unable to access Samba share from Windows clients as > AD > > user. Analyzing the network traffic on SMBD port gives: > > --- > > 10.849969 192.168.97.2 -> 192.168.97.5 SMB Session Setup AndX Request, > > NTLMSSP_AUTH, User: TESTDOMAIN\testuser > > 10.853302 192.168.97.5 -> 192.168.97.2 SMB Session Setup AndX Response, > > Error:STATUS_LOGON_FAILURE > > -- > > > > I can however access the Samba share as local user in the Samba server > via > > smbpasswd: > > --- > > 166.059746 192.168.97.2 -> 192.168.97.5 SMB Session Setup AndX Request, > > NTLMSSP_AUTH, User: D1950-01\kums > > 166.068297 192.168.97.5 -> 192.168.97.2 SMB Session Setup AndX Response > > 166.068500 192.168.97.2 -> 192.168.97.5 SMB Tree Connect AndX Request, > Path: > > \\192.168.97.5\global > > 166.068787 192.168.97.5 -> 192.168.97.2 SMB Tree Connect AndX Response > > --- > > > > Winbind gives following error, not sure if this is significant for I can > > access the AD via "wbinfo" > > [2008/11/26 15:22:58, 1] > > libsmb/cliconnect.c:cli_session_setup_kerberos(626) > > cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot find > > KDC for requested realm > > > > Please see attached for configuration detail + detailed error log. > Googling > > helped me to get so far, but not completely resolve this issue. > > > > Please advise. > > > > Thanks in Advance, > > -Kums > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > >
From: saddam abu ghaida on 1 Dec 2008 02:50 hello, add the following to samba socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 idmap config TESTDOMAIN: default = yes idmap config TESTDOMAIN: backend = rid idmap config TESTDOMAIN: range = 10777216-57554431 idmap alloc TESTDOMAIN: range = 10777216-57554431 winbind nested groups = yes winbind use default domain = no prefered master = no and remove the following idmap backend = ad idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 if you still facing the same problem please send the new log once again regards, Saddam Abu Ghaida On Sun, Nov 30, 2008 at 6:13 AM, Kums <kumaran.rajaram(a)gmail.com> wrote: > Hi Saddam, > > Please find the Samba log file attached with the below log level settings. > > Sorry for the delay in response. > > Regards, > -Kums > > On Fri, Nov 28, 2008 at 7:22 PM, saddam abu ghaida > <saddam.abughaida(a)gmail.com> wrote: >> >> could you add the following and send the generated log files >> >> os level = 3 passdb:5 auth:10 winbind:5 >> >> * spnego has something to do with this failure >> >> regards, >> saddam abu ghaida >> >> >> On Thu, Nov 27, 2008 at 2:01 AM, Kums <kumaran.rajaram(a)gmail.com> wrote: >> > Hi, >> > >> > Iam trying to setup Samba version 3.2.3 on Redhat (RHEL5) server to use >> > Active Directory for authentication. I followed the instructions from >> > article in following website: >> > http://technet.microsoft.com/en-au/magazine/dd228986.aspx >> > >> > Setup Winbind + Samba + Kerberos and it seems to work fine. I can see >> > the >> > users in Active Directory through winbind as well as authenticate users >> > using NTLM authentication. >> > >> > Problem is that Iam unable to access Samba share from Windows clients as >> > AD >> > user. Analyzing the network traffic on SMBD port gives: >> > --- >> > 10.849969 192.168.97.2 -> 192.168.97.5 SMB Session Setup AndX Request, >> > NTLMSSP_AUTH, User: TESTDOMAIN\testuser >> > 10.853302 192.168.97.5 -> 192.168.97.2 SMB Session Setup AndX Response, >> > Error:STATUS_LOGON_FAILURE >> > -- >> > >> > I can however access the Samba share as local user in the Samba server >> > via >> > smbpasswd: >> > --- >> > 166.059746 192.168.97.2 -> 192.168.97.5 SMB Session Setup AndX Request, >> > NTLMSSP_AUTH, User: D1950-01\kums >> > 166.068297 192.168.97.5 -> 192.168.97.2 SMB Session Setup AndX Response >> > 166.068500 192.168.97.2 -> 192.168.97.5 SMB Tree Connect AndX Request, >> > Path: >> > \\192.168.97.5\global >> > 166.068787 192.168.97.5 -> 192.168.97.2 SMB Tree Connect AndX Response >> > --- >> > >> > Winbind gives following error, not sure if this is significant for I can >> > access the AD via "wbinfo" >> > [2008/11/26 15:22:58, 1] >> > libsmb/cliconnect.c:cli_session_setup_kerberos(626) >> > cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot find >> > KDC for requested realm >> > >> > Please see attached for configuration detail + detailed error log. >> > Googling >> > helped me to get so far, but not completely resolve this issue. >> > >> > Please advise. >> > >> > Thanks in Advance, >> > -Kums >> > >> > -- >> > To unsubscribe from this list go to the following URL and read the >> > instructions: https://lists.samba.org/mailman/listinfo/samba >> > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
|
Pages: 1 Prev: smbtorture : Unknown operation mkdir Next: [Samba] AD controller problems. |