Hello,
I’m trying to set up my Samba server 3.0.26a on openSUSE 10.3 as a member of the Active Directory domain, so that client connections can be authenticated by the AD server. Unfortunately, when I try to connect to the Samba server from a Windows XP system, it keeps on asking me for user name and password.
I’ve been reading through various howto’s and descriptions but no matter what I change on the settings I still get the same result.
So hopefully someone can help me out with this.
Here is my config:
[libdefaults]
default_realm = TESTDOM.ORG
clockskew = 300
#dns_lookup_realm = false
#dns_lookup_kdc = false
[realms]
TESTDOM.ORG = {
kdc = SRV.testdom.org
}
[domain_realms]
.testdom.org = TESTDOM.ORG
[logging]
default = FILE:/var/log/krb5/krb5libs.log
kdc = FILE:/var/log/krb5/kdc.log
kadmind = FILE:/var/log/krb5/kadmind.log
With this config I can execute the kinit command and get a ticket which I can view with klist.
Here is the smb.conf file:
[global]
workgroup = TESTDOM
netbios name = jaguar
realm = TESTDOM.ORG
idmap uid = 100000-1000000
idmap gid = 100000-1000000
security = ads
encrypt passwords = yes
password server = 10.88.36.6
client use spnego = yes
log level = 3
log file = /var/log/samba/log.%m
max log size = 50
template shell = /bin/bash
template homedir = /home/%U
winbind enum users = yes
winbind enum groups = yes
preferred master = No
local master = No
domain master = No
printing = cups
cups options = raw
print command =
lpq command = %p
lprm command =
[test]
comment = test folder for ads
path = /home/test
browseable = yes
read only = No
guest ok = no
create mask = 0770
directory mask = 0770
With this config I am able to execute wbinfo -u and get a list of users. But I have to execute it a few times until I see the list. Is this normal? However, I am able to map a SID to a user and do other queries for user information with wbinfo.
I guess this is all I need so far. Now if I open Explorer on the Windows box and enter \\jaguar I get the user name and password prompt all the time. Also entering username and password won’t change anything.
The log file says ‘invalid user’ which I believe is the problem. But why???
[2008/08/29 11:40:00, 3] smbd/negprot.c:reply_nt1(364)
using SPNEGO
[2008/08/29 11:40:00, 3] smbd/negprot.c:reply_negprot(606)
Selected protocol NT LM 0.12
[2008/08/29 11:40:00, 3] smbd/process.c:process_smb(1069)
Transaction 1 of length 1668
[2008/08/29 11:40:00, 3] smbd/process.c:switch_message(927)
switch message SMBsesssetupX (pid 21191) conn 0x0
[2008/08/29 11:40:00, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/08/29 11:40:00, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1244)
wct=12 flg2=0xc807
[2008/08/29 11:40:00, 2] smbd/sesssetup.c:setup_new_vc_session(1200)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2008/08/29 11:40:00, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029)
Doing spnego session setup
[2008/08/29 11:40:00, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060)
NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=]
[2008/08/29 11:40:00, 3] smbd/sesssetup.c:reply_spnego_negotiate(697)
reply_spnego_negotiate: Got secblob of size 1436
[2008/08/29 11:40:00, 3] smbd/sesssetup.c:reply_spnego_kerberos(321)
Ticket name is [AWM013@TESTDOM.ORG]
[2008/08/29 11:40:00, 1] smbd/sesssetup.c:reply_spnego_kerberos(439)
Username TESTDOM\AWM013 is invalid on this system <-------------------- There it is
[2008/08/29 11:40:00, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/sesssetup.c(444) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2008/08/29 11:40:00, 3] smbd/process.c:process_smb(1069)
Transaction 2 of length 1668
[2008/08/29 11:40:00, 3] smbd/process.c:switch_message(927)
switch message SMBsesssetupX (pid 21191) conn 0x0
[2008/08/29 11:40:00, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/08/29 11:40:00, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1244)
wct=12 flg2=0xc807
[2008/08/29 11:40:00, 2] smbd/sesssetup.c:setup_new_vc_session(1200)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2008/08/29 11:40:00, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029)
Doing spnego session setup
[2008/08/29 11:40:00, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060)
NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=]
[2008/08/29 11:40:00, 3] smbd/sesssetup.c:reply_spnego_negotiate(697)
reply_spnego_negotiate: Got secblob of size 1436
[2008/08/29 11:40:00, 3] smbd/sesssetup.c:reply_spnego_kerberos(321)
Ticket name is [AWM013@TESTDOM.ORG]
[2008/08/29 11:40:00, 1] smbd/sesssetup.c:reply_spnego_kerberos(439)
Username TESTDOM\AWM013 is invalid on this system
[2008/08/29 11:40:00, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/sesssetup.c(444) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2008/08/29 11:40:00, 3] smbd/process.c:timeout_processing(1329)
timeout_processing: End of file from client (client has disconnected).
[2008/08/29 11:40:00, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/08/29 11:40:00, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2008/08/29 11:40:00, 3] smbd/server.c:exit_server_common(768)
Server exit (normal exit)
Thanks for any help on this.
Wolfgang
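Added example, not part of the original post: a small Python parser for the smbd log layout shown above that pairs each "Ticket name is [...]" record with a following "is invalid on this system" record, so the affected principals can be listed from a log file. The sample log is constructed from the excerpt in the post (the BOB entry is invented for contrast), and the function names are hypothetical.

```python
import re

# Constructed sample in smbd's log layout (header line, then message line),
# modelled on the log level 3 excerpt in the post; BOB is an invented entry.
SAMPLE_LOG = """\
[2008/08/29 11:40:00, 3] smbd/sesssetup.c:reply_spnego_kerberos(321)
  Ticket name is [AWM013@TESTDOM.ORG]
[2008/08/29 11:40:00, 1] smbd/sesssetup.c:reply_spnego_kerberos(439)
  Username TESTDOM\\AWM013 is invalid on this system
[2008/08/29 11:40:00, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/sesssetup.c(444) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2008/08/29 11:41:12, 3] smbd/sesssetup.c:reply_spnego_kerberos(321)
  Ticket name is [BOB@TESTDOM.ORG]
[2008/08/29 11:41:12, 3] smbd/server.c:exit_server_common(768)
  Server exit (normal exit)
"""

HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+(?P<src>\S+):(?P<func>\w+)\((?P<line>\d+)\)")
TICKET = re.compile(r"Ticket name is \[(?P<principal>[^\]]+)\]")
INVALID = re.compile(r"Username (?P<user>\S+) is invalid on this system")

def parse_records(text):
    """Group each header line with the message lines that follow it."""
    records, current = [], None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            current = {**m.groupdict(), "msg": ""}
            records.append(current)
        elif current is not None:  # continuation line, indented or not
            current["msg"] = (current["msg"] + " " + raw.strip()).strip()
    return records

def unmapped_kerberos_logons(text):
    """Return (timestamp, principal, name) where a logged ticket name is followed by 'invalid on this system'."""
    findings, principal = [], None
    for rec in parse_records(text):
        if (m := TICKET.search(rec["msg"])):
            principal = m.group("principal")
        elif (m := INVALID.search(rec["msg"])) and principal:
            findings.append((rec["ts"], principal, m.group("user")))
            principal = None  # pair each ticket with at most one failure
    return findings

if __name__ == "__main__":
    for ts, principal, user in unmapped_kerberos_logons(SAMPLE_LOG):
        print(f"{ts}  ticket={principal}  unmapped={user}")
```
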