Here's maybe an even more relevant part of the log:

[2004/10/18 08:08:04, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
 Got OID 1 3 6 1 4 1 311 2 2 10
[2004/10/18 08:08:04, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
 Got OID 1 2 840 48018 1 2 2
[2004/10/18 08:08:04, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
 Got OID 1 2 840 113554 1 2 2
[2004/10/18 08:08:04, 3] smbd/sesssetup.c:reply_spnego_negotiate(447)
 Got secblob of size 48
[2004/10/18 08:08:04, 5] auth/auth.c:make_auth_context_subsystem(498)
 Making default auth method list for security=ADS

If I interpret it correctly, then either KRB5 is not compiled in for this smbd or the OID returned by ADS does not require Kerberos authentication...

Igor

Greg Adams wrote:

That completely sucks!

kinit and klist seem to work:
*********************************************************************************************************
# kinit [EMAIL PROTECTED]
Password for [EMAIL PROTECTED]:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]

Valid starting Expires Service principal
10/20/04 09:20:13 10/20/04 19:20:14 krbtgt/[EMAIL PROTECTED]
renew until 10/21/04 09:20:13
*********************************************************************************************************
I don't have a krb5.conf to screw things up, on the recommendation of
either the Official Samba Howto or the By Example document.
*********************************************************************************************************
Here's my smb.conf:
# cat smb.conf
[global]


      workgroup = EDSADDDM
      realm = EDSADDDM.DDM.APM.BPM.EDS.COM

      server string = Maul Test Server

      log level = 2

      max log size = 100

      security = ADS

      local master = no

      os level = 0

      domain master = no

      preferred master = no

      wins server = 199.42.192.103
      dns proxy = no

      encrypt passwords = yes

      idmap uid = 60000-70000
      idmap gid = 80000-90000

      winbind enum users = yes
      winbind enum groups = yes

      winbind separator = +

      winbind use default domain = no

[space]
      comment = Space Partition Share
      path = /space
      writable = yes
      browsable = yes
      valid users = "EDSADDDM+imguser"
*********************************************************************************************************
So can anyone tell me what's causing Samba to use NTLM authentication
instead of Kerberos? And how do I fix it?

Greg

On Wed, 20 Oct 2004 11:10:29 -0500, Gerald (Jerry) Carter
<[EMAIL PROTECTED]> wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greg Adams wrote:
| I tried to send a level 10 log from the moment of connection to the
| user that should be mapped touching a file, but the attachment was too
| large and the messages bounced, awaiting moderator approval. So
| instead, I'll try to post the sections I think are relevant here:
|
| searching for spnego and username.map led me to this section:
|
*********************************************************************************************************
| [2004/10/18 08:19:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
|   Doing spnego session setup
| [2004/10/18 08:19:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
|   NativeOS=[Windows 2002 Service Pack 1 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
| [2004/10/18 08:19:25, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615)
|   Got user=[imguser] domain=[EDSADDDM] workstation=[MULE] len1=24 len2=24

NTLMSSP authentication here.  Not kerberos.  :-)  So maybe you have
2 problems going on?  username map and kerberos....

|   Scanning username map /opt/samba/lib/username.map
|   user_in_list: checking user imguser in list
|   user_in_list: checking user |imguser| against |EDSADDDM+imguser|
|   make_user_info_map: Mapping user [EDSADDDM]\[imguser] from workstation [MULE]

cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBdo31IR7qMdg1EfYRAsQxAKDPJvHy9xEcDFj2vs206GRyQ3nkdgCffYBy
zU0nasCPyhoO9pfobcZDpIo=
=YogI
-----END PGP SIGNATURE-----
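
Added example, not part of any message in this thread: a short Python script that decodes the SPNEGO mechanism OIDs logged by reply_spnego_negotiate and reports whether an NTLMSSP logon was recorded, which is the check the replies above do by eye. The sample log is constructed from the excerpts quoted in the thread; the function name `summarize` is hypothetical, and the script assumes smbd logs the OIDs in the order the client sent them (SPNEGO lists mechanisms most-preferred first).

```python
import re

# Well-known SPNEGO mechanism OIDs, written space-separated as smbd logs them.
MECHS = {
    "1 3 6 1 4 1 311 2 2 10": "NTLMSSP",
    "1 2 840 48018 1 2 2": "Kerberos 5 (Microsoft legacy OID)",
    "1 2 840 113554 1 2 2": "Kerberos 5",
}
# Constructed sample: lines modelled on the two excerpts quoted in the thread.
SAMPLE_LOG = """\
[2004/10/18 08:08:04, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
  Got OID 1 3 6 1 4 1 311 2 2 10
[2004/10/18 08:08:04, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
  Got OID 1 2 840 48018 1 2 2
[2004/10/18 08:08:04, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
  Got OID 1 2 840 113554 1 2 2
[2004/10/18 08:19:25, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615)
  Got user=[imguser] domain=[EDSADDDM] workstation=[MULE] len1=24 len2=24
"""
HEADER = re.compile(r"^\[[\d/]+ [\d:]+, +\d+\] \S+:(\w+)\(\d+\)\s*$")
OID = re.compile(r"^\s*Got OID ([\d ]+)$")
USER = re.compile(r"Got user=\[([^\]]*)\] domain=\[([^\]]*)\]")

def summarize(log_text):
    """Report offered SPNEGO mechanisms and any NTLMSSP logon in an smbd log."""
    offered, func, ntlm_user = [], None, None
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if m:                      # header line names the logging function
            func = m.group(1)
            continue
        m = OID.match(line)
        if m and func == "reply_spnego_negotiate":
            oid = m.group(1).strip()
            offered.append(MECHS.get(oid, "unknown OID " + oid))
        m = USER.search(line)
        if m and func == "ntlmssp_server_auth":
            ntlm_user = m.group(2) + "\\" + m.group(1)
    return {
        "offered": offered,
        "first_offered": offered[0] if offered else None,
        "kerberos_offered": any(n.startswith("Kerberos") for n in offered),
        "ntlmssp_user": ntlm_user,   # set only if NTLMSSP auth was logged
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the sample, Kerberos appears among the offered mechanisms but NTLMSSP is listed first and an NTLMSSP logon is recorded for EDSADDDM\imguser.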






