Howdy gang, I am trying to use samba 3.0 to authenticate using kerberos/ldap to my ADS server. It's not working. I am mostly going by tridge's ADS-HOWTO.
My Setup: - Win2k ADS server (dc-native.home.sln) - Realm name is HOME.SLN - Linux running samba 3.0alpha21cvs from a couple days ago (charlie.home.sln) - MIT kerberos5 1.2.6 - OpenLDAP 2.1.5 - krb5.conf and smb.conf are attached Here is what I am doing: 1. Start smbd/nmbd 2. Run "kdestroy" to empty the ticket cache 3. Run "net ads join -UAdministrator". It says it joined the realm successfully. 4. Run "klist" (not "klist tickets" as mentioned in the HOWTO which errors out) Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting Expires Service principal 11/12/02 21:49:53 11/13/02 07:49:53 [EMAIL PROTECTED] 11/12/02 21:49:53 11/13/02 07:49:53 dc-native$@HOME.SLN 11/12/02 21:49:55 11/13/02 07:49:53 [EMAIL PROTECTED] 5. Attempt to connect to a share from the dc-native box, which requests a password :-( The interesting (at least to me) part of log.smbd is: [2002/11/12 21:50:38, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(551) Doing spnego session setup [2002/11/12 21:50:38, 3] smbd/sesssetup.c:reply_spnego_negotiate(259) Got OID 1 2 840 48018 1 2 2 [2002/11/12 21:50:38, 3] smbd/sesssetup.c:reply_spnego_negotiate(259) Got OID 1 3 6 1 4 1 311 2 2 10 [2002/11/12 21:50:38, 3] smbd/sesssetup.c:reply_spnego_negotiate(266) Got secblob of size 1339 [2002/11/12 21:50:38, 3] libads/kerberos_verify.c:ads_verify_ticket(125) krb5_rd_req with auth failed (Decrypt integrity check failed) [2002/11/12 21:50:38, 1] smbd/sesssetup.c:reply_spnego_kerberos(134) Failed to verify incoming ticket! [2002/11/12 21:50:38, 3] smbd/error.c:error_packet(94) error string = No such file or directory [2002/11/12 21:50:38, 3] smbd/error.c:error_packet(113) error packet at smbd/sesssetup.c(136) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE Anybody have any idea what I am doing wrong? Full level 10 log available is that helps. Matt Zinkevicius Software Engineer Network Storage Array Solutions Hewlett-Packard
smb.conf
Description: Binary data
krb5.conf
Description: Binary data