Here you have them: http://sioux.geekisp.com/smb.conf http://sioux.geekisp.com/smbldap.conf http://sioux.geekisp.com/smbldap_bind.conf
Thank you a lot for your time and cooperation. Regards. On Mon, Feb 18, 2013 at 8:45 PM, Andrew Bartlett <[email protected]> wrote: > On Mon, 2013-02-18 at 16:52 -0300, Friedrich Locke wrote: >> Dear list members, >> >> i am trying to get ldap + samba + kerberos working and have tried to >> make the proper configuration. >> Integrating samba + ldap was pretty easy, but getting kerberos to work >> seems a nightmare. >> >> Here it is what i tried (copy and pasted from my link client): >> >> harley@802-1x:/etc/samba$ kdestroy >> harley@802-1x:/etc/samba$ kinit >> [email protected]'s Password: >> harley@802-1x:/etc/samba$ klist >> Credentials cache: FILE:/tmp/krb5cc_1000 >> Principal: [email protected] >> >> Issued Expires Principal >> Feb 18 15:53:33 2013 Feb 18 19:53:33 2013 krbtgt/[email protected] >> harley@802-1x:/etc/samba$ smbclient //802-1x.cpd.ufv.br/printers -k >> session setup failed: NT_STATUS_LOGON_FAILURE >> harley@802-1x:/etc/samba$ klist >> Credentials cache: FILE:/tmp/krb5cc_1000 >> Principal: [email protected] >> >> Issued Expires Principal >> Feb 18 15:53:33 2013 Feb 18 19:53:33 2013 krbtgt/[email protected] >> Feb 18 15:53:44 2013 Feb 18 19:53:33 2013 cifs/[email protected] >> harley@802-1x:/etc/samba$ >> >> >> >> We can realize that smbclient is fetching the ticket to cifs service. >> But why NT_STATUS_LOGON_FAILURE ? >> Nothing appears on smbd logs. > > How is samba connected to the krb5 realm? What configuration options > have you set to make it use a keytab? > > That all said, this kind of frustration is why I worked so hard on Samba > 4.0 as an AD DC, because it provides the server-side integration of > LDAP, Kerberos and the Domain protocols that allow Samba and windows > member servers to join it, and for it to 'just work'. > > Andrew Bartlett > > -- > Andrew Bartlett http://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
