Re: [Samba] ldap+kerberos+samba

2013-02-19 Thread Friedrich Locke
Here you have them:

http://sioux.geekisp.com/smb.conf
http://sioux.geekisp.com/smbldap.conf
http://sioux.geekisp.com/smbldap_bind.conf

Thank you a lot for your time and cooperation.

Regards.

On Mon, Feb 18, 2013 at 8:45 PM, Andrew Bartlett abart...@samba.org wrote:
> On Mon, 2013-02-18 at 16:52 -0300, Friedrich Locke wrote:
>> Dear list members,
>>
>> I am trying to get ldap + samba + kerberos working and have tried to
>> make the proper configuration.
>> Integrating samba + ldap was pretty easy, but getting kerberos to work
>> seems a nightmare.
>>
>> Here is what I tried (copy and pasted from my link client):
>>
>> harley@802-1x:/etc/samba$ kdestroy
>> harley@802-1x:/etc/samba$ kinit
>> har...@ufv.br's Password:
>> harley@802-1x:/etc/samba$ klist
>> Credentials cache: FILE:/tmp/krb5cc_1000
>> Principal: har...@ufv.br
>>
>>   Issued                Expires               Principal
>> Feb 18 15:53:33 2013  Feb 18 19:53:33 2013  krbtgt/ufv...@ufv.br
>> harley@802-1x:/etc/samba$ smbclient //802-1x.cpd.ufv.br/printers -k
>> session setup failed: NT_STATUS_LOGON_FAILURE
>> harley@802-1x:/etc/samba$ klist
>> Credentials cache: FILE:/tmp/krb5cc_1000
>> Principal: har...@ufv.br
>>
>>   Issued                Expires               Principal
>> Feb 18 15:53:33 2013  Feb 18 19:53:33 2013  krbtgt/ufv...@ufv.br
>> Feb 18 15:53:44 2013  Feb 18 19:53:33 2013  cifs/802-1x.cpd.ufv...@ufv.br
>> harley@802-1x:/etc/samba$
>>
>> We can realize that smbclient is fetching the ticket to cifs service.
>> But why NT_STATUS_LOGON_FAILURE?
>> Nothing appears on smbd logs.
>
> How is samba connected to the krb5 realm?  What configuration options
> have you set to make it use a keytab?
>
> That all said, this kind of frustration is why I worked so hard on Samba
> 4.0 as an AD DC, because it provides the server-side integration of
> LDAP, Kerberos and the Domain protocols that allow Samba and Windows
> member servers to join it, and for it to 'just work'.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Samba] ldap+kerberos+samba

2013-02-18 Thread Friedrich Locke
Dear list members,

I am trying to get ldap + samba + kerberos working and have tried to
make the proper configuration.
Integrating samba + ldap was pretty easy, but getting kerberos to work
seems a nightmare.

Here is what I tried (copy and pasted from my link client):

harley@802-1x:/etc/samba$ kdestroy
harley@802-1x:/etc/samba$ kinit
har...@ufv.br's Password:
harley@802-1x:/etc/samba$ klist
Credentials cache: FILE:/tmp/krb5cc_1000
Principal: har...@ufv.br

  Issued                Expires               Principal
Feb 18 15:53:33 2013  Feb 18 19:53:33 2013  krbtgt/ufv...@ufv.br
harley@802-1x:/etc/samba$ smbclient //802-1x.cpd.ufv.br/printers -k
session setup failed: NT_STATUS_LOGON_FAILURE
harley@802-1x:/etc/samba$ klist
Credentials cache: FILE:/tmp/krb5cc_1000
Principal: har...@ufv.br

  Issued                Expires               Principal
Feb 18 15:53:33 2013  Feb 18 19:53:33 2013  krbtgt/ufv...@ufv.br
Feb 18 15:53:44 2013  Feb 18 19:53:33 2013  cifs/802-1x.cpd.ufv...@ufv.br
harley@802-1x:/etc/samba$

We can realize that smbclient is fetching the ticket to cifs service.
But why NT_STATUS_LOGON_FAILURE?
Nothing appears on smbd logs.

Any advice?

Thank you for your time and cooperation.

Best regards.


Re: [Samba] ldap+kerberos+samba

2013-02-18 Thread Andrew Bartlett
On Mon, 2013-02-18 at 16:52 -0300, Friedrich Locke wrote:
> Dear list members,
>
> I am trying to get ldap + samba + kerberos working and have tried to
> make the proper configuration.
> Integrating samba + ldap was pretty easy, but getting kerberos to work
> seems a nightmare.
>
> Here is what I tried (copy and pasted from my link client):
>
> harley@802-1x:/etc/samba$ kdestroy
> harley@802-1x:/etc/samba$ kinit
> har...@ufv.br's Password:
> harley@802-1x:/etc/samba$ klist
> Credentials cache: FILE:/tmp/krb5cc_1000
> Principal: har...@ufv.br
>
>   Issued                Expires               Principal
> Feb 18 15:53:33 2013  Feb 18 19:53:33 2013  krbtgt/ufv...@ufv.br
> harley@802-1x:/etc/samba$ smbclient //802-1x.cpd.ufv.br/printers -k
> session setup failed: NT_STATUS_LOGON_FAILURE
> harley@802-1x:/etc/samba$ klist
> Credentials cache: FILE:/tmp/krb5cc_1000
> Principal: har...@ufv.br
>
>   Issued                Expires               Principal
> Feb 18 15:53:33 2013  Feb 18 19:53:33 2013  krbtgt/ufv...@ufv.br
> Feb 18 15:53:44 2013  Feb 18 19:53:33 2013  cifs/802-1x.cpd.ufv...@ufv.br
> harley@802-1x:/etc/samba$
>
> We can realize that smbclient is fetching the ticket to cifs service.
> But why NT_STATUS_LOGON_FAILURE?
> Nothing appears on smbd logs.

How is samba connected to the krb5 realm?  What configuration options
have you set to make it use a keytab?  

That all said, this kind of frustration is why I worked so hard on Samba
4.0 as an AD DC, because it provides the server-side integration of
LDAP, Kerberos and the Domain protocols that allow Samba and Windows
member servers to join it, and for it to 'just work'.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
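
Added example (not part of the thread and not Samba project code): one check that follows from the keytab question above is to compare the service principal in the client's ticket cache with the entries in the server's keytab. The listings, host and realm names are constructed, and the `klist -k` keytab layout is an assumption about the server's tooling.

```python
import re

# Constructed sample data (not from the thread): client `klist` and server `klist -k`.
CLIENT_KLIST = """\
Credentials cache: FILE:/tmp/krb5cc_1000
        Principal: alice@EXAMPLE.ORG

  Issued                Expires               Principal
Feb 18 15:53:33 2013  Feb 18 19:53:33 2013  krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
Feb 18 15:53:44 2013  Feb 18 19:53:33 2013  cifs/files.example.org@EXAMPLE.ORG
"""

SERVER_KEYTAB = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------
   3 host/files.example.org@EXAMPLE.ORG
   3 cifs/FILES.example.org@EXAMPLE.ORG
"""

DATE = r"\w{3}\s+\d+\s+[\d:]+\s+\d{4}"
TICKET_RE = re.compile(rf"^{DATE}\s+{DATE}\s+(\S+)$")
KEYTAB_RE = re.compile(r"^\s*\d+\s+(\S+@\S+)$")

def service_tickets(klist_text):
    """Service principals held in the ticket cache, skipping the TGT."""
    found = []
    for line in klist_text.splitlines():
        m = TICKET_RE.match(line.strip())
        if m and not m.group(1).startswith("krbtgt/"):
            found.append(m.group(1))
    return found

def keytab_principals(keytab_text):
    """Principals that have at least one key in the keytab listing."""
    matches = (KEYTAB_RE.match(line) for line in keytab_text.splitlines())
    return {m.group(1) for m in matches if m}

def check(klist_text, keytab_text):
    """Map each service ticket to 'ok', 'case-mismatch' or 'missing'."""
    keys = keytab_principals(keytab_text)
    lowered = {k.lower() for k in keys}  # principal names are case-sensitive
    result = {}
    for spn in service_tickets(klist_text):
        if spn in keys:
            result[spn] = "ok"
        else:
            result[spn] = "case-mismatch" if spn.lower() in lowered else "missing"
    return result

print(check(CLIENT_KLIST, SERVER_KEYTAB))
```
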

