From: Cliff Flood on
Hi,

I've been working on integrating a Samba PDC, running 3.5.3, with an
existing LDAP + Kerberos backend.

After much research and testing I've gotten to the point where I can
join Windows clients to my domains but I haven't yet managed to get
authentication via Samba to work. The goal is to have Windows clients
use our single sign-on as we do with the rest of our infrastructure.

I'm attempting to use winbind to pass authentication to our existing
Kerberos.

wbinfo -u and wbinfo -g work as expected but wbinfo -a username%password
does not and instead I get:

plaintext password authentication failed
Could not authenticate user username%password with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_INVALID_HANDLE (0xc0000008)
error messsage was: Invalid handle
Could not authenticate user username with challenge/response

(I get the same result whether I specify the domain in the command or not.)

I have attached my krb5.conf and smb.conf, level 10 log files
log.winbindd and log.wb-$DOMAIN of a failed wbinfo -a.

Even though I have been working on this for a few weeks I think there
are still some big gaps in my understanding of how this stack of
technologies works together, so please excuse any glaring errors I have made.

I'm eager to know where I've gone wrong so please let me know what I
should be looking into and any other information I can provide.

Sounds like I could be experiencing this recently reported unconfirmed bug:

https://bugzilla.samba.org/show_bug.cgi?id=7481

Anyone else seen this?

All responses appreciated.

--
Cliff Flood
System Administrator
+1 416 673 4151