I forgot to mention I am using RHEL 5.6 I was using Samba3.0 (installed by default) but I removed this and installed Samba 3.3 from the DVD.
Regards B From: Brian O'Mahony Sent: 27 October 2011 16:16 To: samba@lists.samba.org Subject: Issue with joing to ADS2003 domain I have set up LDAP/KRB5 access to my active directory network. If I do a getent passwd, I see the users with a unix UID/GID. If use kinit, I can get a token. If I su to a user, it creates a home folder, and shows correct IDs etc. However the machine will not log in via ssh or the GUI. In secure I see: Oct 27 11:14:55 rhelads sshd[4190]: pam_krb5[4190]: ccache dir: /tmp Oct 27 11:14:55 rhelads sshd[4190]: pam_krb5[4190]: keytab: FILE:/etc/krb5.keytab Oct 27 11:14:55 rhelads sshd[4190]: pam_krb5[4190]: called to authenticate 'ipillion', realm 'MYDOMAIN.COM' Oct 27 11:14:55 rhelads sshd[4190]: pam_krb5[4190]: authenticating 'ipill...@mydomain.com' Oct 27 11:14:55 rhelads sshd[4190]: pam_krb5[4190]: trying previously-entered password for 'ipillion', allowing libkrb5 to prompt for more Oct 27 11:14:55 rhelads sshd[4190]: pam_krb5[4190]: authenticating 'ipill...@mydomain.com' to 'krbtgt/mydomain....@mydomain.com' Oct 27 11:14:56 rhelads sshd[4190]: pam_krb5[4190]: krb5_get_init_creds_password(krbtgt/mydomain....@mydomain.com<mailto:krbtgt/mydomain....@mydomain.com>) returned 0 (Success) Oct 27 11:14:56 rhelads sshd[4190]: pam_krb5[4190]: validating credentials Oct 27 11:15:16 rhelads sshd[4190]: pam_krb5[4190]: error guessing name of local host principal Oct 27 11:15:36 rhelads sshd[4190]: pam_krb5[4190]: TGT failed verification using keytab: Hostname cannot be canonicalized Oct 27 11:15:36 rhelads sshd[4190]: pam_krb5[4190]: got result 0 (Success) Oct 27 11:15:36 rhelads sshd[4190]: pam_krb5[4190]: authentication fails for 'ipillion' (ipill...@mydomain.com<mailto:ipill...@mydomain.com>): Authentication failure (Success) Oct 27 11:15:36 rhelads sshd[4190]: pam_krb5[4190]: pam_authenticate returning 7 (Authentication failure) Oct 27 11:15:38 rhelads sshd[4190]: Failed password for ipillion from 172.16.165.122 port 57518 ssh2 Oct 27 11:15:40 rhelads sshd[4193]: Connection closed by 172.16.165.122 So I try to join the machine to the domain: libads/sasl.c:ads_sasl_spengo_bind(819) kinit suceeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials Failed to join domain: failed to connect to AD: Invalid credentials My smb.conf is here: [global] workgroup = ITD2 realm = mydomain.com security = ads user kerberos keytab = true The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba