Also, looking further at this, shouldn't winbind use the realm rather than the workgroup for this?
Thanks /Jonathan On Wed, Sep 23, 2009 at 11:04 AM, Jonathan Petersson <[email protected]> wrote: > Hi all, > > I've been working on getting Samba to authenticate via ADS for the > past few weeks with some lack of success. I had somewhat of a > breakthrough the other day realizing that the problem was related to > the kerberos authentication between Samba and the Win 2008 R2 AD > server. Trying to fix this I generated a keytab with ktpass which I > uploaded to the server. > > I've been successful to join the server in the domain, wbinfo and > kinit responds as one wants it to but when upon samba and winbind > starting I'm seeing the following in the logs which I'm guessing is > the cause for me being unable to authenticate any users: > > log.wb-PRESIDIO > ads_krb5_mk_req: krb5_get_credentials failed for p...@presidio > (Cannot find KDC for requested realm) > [2009/09/23 10:54:31, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(624) > cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot > find KDC for requested realm > [2009/09/23 10:54:31, 0] rpc_client/cli_pipe.c:cli_pipe_verify_schannel(494) > cli_pipe_verify_schannel: auth_len 56. > > log.winbindd > [2009/09/23 10:54:30, 0] > winbindd/winbindd_cache.c:initialize_winbindd_cache(2577) > initialize_winbindd_cache: clearing cache and re-creating with > version number 1 > [2009/09/23 10:54:31, 1] libsmb/clikrb5.c:ads_krb5_mk_req(686) > ads_krb5_mk_req: krb5_get_credentials failed for p...@presidio > (Cannot find KDC for requested realm) > [2009/09/23 10:54:31, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(624) > cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot > find KDC for requested realm > [2009/09/23 10:54:31, 1] winbindd/winbindd_util.c:trustdom_recv(303) > Could not receive trustdoms > > As it seams the server tries to authenticate as pdc$ rather than > presidio3$ which is the hostname of the server and the name it's > registered as. What could the cause of this be? > > smb.conf: > workgroup = PRESIDIO > password server = pdc.domain.com > realm = DOMAIN.COM > security = ads > idmap uid = 8000-33554431 > idmap gid = 8000-33554431 > winbind separator = + > template shell = /bin/bash > winbind use default domain = yes > winbind offline logon = false > ... > server string = presidio3 > > netbios name = presidio3 > > Please advice. > > Thanks > > /Jonathan > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
