From: Thiago Ferreira on
I'm trying to join my Samba server to AD on Win2008, as I did in the past
with Win2003.
I'm using smbd Version 3.2.5, winbindd Version 3.2.5, MIT Kerberos 1.6.1-1
and ntpdate synchronized with AD. I followed this howto
http://wiki.samba.org/index.php/Samba_%26_Active_Directory and this one
https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto

All my tests are successful when I run the following commands:

# net ads testjoin
Join is OK


# net ads info
LDAP server: 10.215.1.201
LDAP server name: GSCPSVMAD01.gransapore.corp.dc
Realm: GRANSAPORE.CORP.DC
Bind Path: dc=GRANSAPORE,dc=CORP,dc=DC
LDAP port: 389
Server time: Tue, 29 Jun 2010 14:02:24 BRT
KDC server: 10.215.1.201
Server time offset: 4


# net ads status -UAdministrator%Password

# wbinfo -K thiago.ferreira%password
plaintext kerberos password authentication for [thiago.ferreira] succeeded
(requesting cctype: FILE)
credentials were put in: FILE:/tmp/krb5cc_0


# wbinfo -u
# wbinfo -g
# wbinfo -m
# wbinfo -t


# net ads user
# net ads group

# getent passwd
# getent group



But I would like to open a share on this Samba server from a WinXP desktop
and I can't: it keeps asking for a login and password, and even though I
enter the correct login and password it doesn't work.
Before joining the Samba server to AD, I put an entry in DNS with the FQDN
of my Samba server, cpsmonitor.gransapore.corp.dc, with a PTR as well;
my hosts file and my resolv.conf are all right.

Below are my smb.conf, my krb5.conf and my logs for analysis. If someone
can help me with any hint...

#less krb5.conf
[libdefaults]
default_realm = GRANSAPORE.CORP.DC
ticket_lifetime = 24000

[realms]
GRANSAPORE.CORP.DC = {
kdc = gscpsvmad01.gransapore.corp.dc
admin_server = gscpsvmad01.gransapore.corp.dc
default_domain = gransapore.corp.dc
}

[domain_realm]
.gransapore.corp.dc = GRANSAPORE.CORP.DC
gransapore.corp.dc = GRANSAPORE.CORP.DC

[login]
krb4_convert = true
krb4_get_tickets = false


#less smb.conf
[global]
workgroup = GRANSAPORE
realm = GRANSAPORE.CORP.DC
security = ADS
auth methods = winbind
password server = gscpsvmad01.gransapore.corp.dc
passdb backend = tdbsam
restrict anonymous = 2
client NTLMv2 auth = Yes
syslog = 2
log file = /var/log/samba/log.%m
max log size = 1000
panic action = /usr/share/samba/panic-action %d
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind trusted domains only = Yes

[share01]
comment = Network Share
path = /var/spool/samba/share01
valid users = "@Domain Users"
force group = Domain Users
read only = No
create mask = 0664
directory mask = 0775
guest ok = Yes


Samba Logs:

#less log.wb-GRANSAPORE
[2010/06/29 13:38:18, 1] libads/authdata.c:kerberos_return_pac(398)
kinit failed for 'thiago.ferreira@GRANSAPORE.CORP.DC' with:
Preauthentication failed (-1765328360)
[2010/06/29 13:38:34, 1]
libads/kerberos.c:smb_krb5_get_ntstatus_from_krb5_error_init_creds_opt(159)
no krb5_error
[2010/06/29 13:38:34, 1] libads/authdata.c:kerberos_return_pac(398)
kinit failed for 'GRANSAPORE\thiago.ferreira@GRANSAPORE.CORP.DC' with:
Client not found in Kerberos database (-1765328378)
[2010/06/29 13:38:47, 1]
libads/kerberos.c:smb_krb5_get_ntstatus_from_krb5_error_init_creds_opt(159)
no krb5_error
[2010/06/29 13:38:47, 1] libads/authdata.c:kerberos_return_pac(398)
kinit failed for 'GRANSAPORE\thiago.ferreira@GRANSAPORE.CORP.DC' with:
Client not found in Kerberos database (-1765328378)
[2010/06/29 13:38:55, 1]
libads/kerberos.c:smb_krb5_get_ntstatus_from_krb5_error_init_creds_opt(159)
no krb5_error
[2010/06/29 13:38:55, 1] libads/authdata.c:kerberos_return_pac(398)
kinit failed for 'GRANSAPORE.CORP.DC\thiago.ferreira@GRANSAPORE.CORP.DC'
with: Client not found in Kerberos database (-1765328378)
[2010/06/29 13:39:05, 1]
libads/kerberos.c:smb_krb5_get_ntstatus_from_krb5_error_init_creds_opt(159)
no krb5_error
[2010/06/29 13:39:05, 1] libads/authdata.c:kerberos_return_pac(398)
kinit failed for 'thiago.ferreira@GRANSAPORE.CORP.DC' with:
Preauthentication failed (-1765328360)
[2010/06/29 13:57:37, 1] libsmb/clikrb5.c:ads_krb5_mk_req(680)
ads_krb5_mk_req: krb5_get_credentials failed for GSCPSVMAD01$@GRANSAPORE
(Cannot resolve network address for KDC in requested realm)
[2010/06/29 13:57:37, 1]
libsmb/cliconnect.c:cli_session_setup_kerberos(626)
cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot resolve
network address for KDC in requested realm

#less log.winbindd
[2010/06/29 15:24:40, 0]
winbindd/winbindd_cache.c:initialize_winbindd_cache(2374)
initialize_winbindd_cache: clearing cache and re-creating with version
number 1
[2010/06/29 15:24:40, 1] libsmb/clikrb5.c:ads_krb5_mk_req(680)
ads_krb5_mk_req: krb5_get_credentials failed for GSCPSVMAD01$@GRANSAPORE
(Cannot resolve network address for KDC in requested realm)
[2010/06/29 15:24:40, 1]
libsmb/cliconnect.c:cli_session_setup_kerberos(626)
cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot resolve
network address for KDC in requested realm

#less log.nmbd
[2010/06/29 14:03:18, 0]
nmbd/nmbd_become_lmb.c:become_local_master_stage2(395)
*****
Samba name server CPSMONITOR is now a local master browser for workgroup
GRANSAPORE on subnet 192.168.0.12


Thanks all
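
An added example, not part of the original post: a Python check that pulls the principal and realm out of each Kerberos failure line in the winbind log and compares the realm against the [realms] section of krb5.conf. The sample inputs are constructed by abridging the excerpts in the post; the names configured_realms and triage are assumptions of this example.

```python
import re

# Constructed sample input, abridged from the krb5.conf and log.wb-GRANSAPORE
# excerpts in the post (wrapped log lines re-joined onto one line each).
KRB5_CONF = """\
[libdefaults]
default_realm = GRANSAPORE.CORP.DC
[realms]
GRANSAPORE.CORP.DC = {
kdc = gscpsvmad01.gransapore.corp.dc
}
"""
LOG = """\
kinit failed for 'thiago.ferreira@GRANSAPORE.CORP.DC' with: Preauthentication failed (-1765328360)
kinit failed for 'GRANSAPORE\\thiago.ferreira@GRANSAPORE.CORP.DC' with: Client not found in Kerberos database (-1765328378)
ads_krb5_mk_req: krb5_get_credentials failed for GSCPSVMAD01$@GRANSAPORE (Cannot resolve network address for KDC in requested realm)
"""

def configured_realms(conf):
    """Return realm names declared as 'NAME = {' inside the [realms] section."""
    realms, section = set(), None
    for line in conf.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "realms":
            m = re.match(r"([^\s=]+)\s*=\s*\{", line)
            if m:
                realms.add(m.group(1))
    return realms

# Matches "failed for <name>@<realm>", with or without surrounding quotes.
PRINCIPAL = re.compile(r"failed for '?([^'\s]+)@([A-Za-z0-9.-]+)")

def triage(log, conf):
    """Return (name, realm, finding) for each Kerberos failure in the log."""
    known, out = configured_realms(conf), []
    for name, realm in PRINCIPAL.findall(log):
        if realm not in known:
            finding = "realm not defined in krb5.conf [realms]"
        elif "\\" in name:
            finding = "DOMAIN\\user form used as Kerberos principal name"
        else:
            finding = "principal and realm are well-formed"
        out.append((name, realm, finding))
    return out

if __name__ == "__main__":
    print(*triage(LOG, KRB5_CONF), sep="\n")
```

On the lines quoted in the post, the machine-account request carries the short name GRANSAPORE as its realm, which the posted krb5.conf does not define.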