Re: [Samba] Accessing member server prompts for credentials
This is a discussion on Re: [Samba] Accessing member server prompts for credentials within the Samba forums, part of the Networking and Network Related category; I'm still struggling with this if anyone can help. I'm back tracking through the HOWTO and realised that ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
06-18-2008
|
|||
|
|||
Re: [Samba] Accessing member server prompts for credentials
I'm still struggling with this if anyone can help.
I'm back tracking through the HOWTO and realised that I hadn't created a machine trust account. So I've done: # groupadd machines # /usr/sbin/useradd -g machines -d /var/lib/nobody -c "Test Server" -s /bin/false server1 # passwd -l server1 Locking password for user server1. # smbpasswd -a -m server1 Failed to modify password entry for user server1$ Please can anyone tell me why this last step fails? > > From: Leon Stringer <leon.stringer@ntlworld.com> > Date: 2008/06/17 Tue AM 11:13:14 GMT > To: <samba@lists.samba.org> > Subject: [Samba] Accessing member server prompts for credentials > > Hi, > > I'm trying to join a server as an AD member but it isn't working. > > I do: > > kinit ADMINISTRATOR@DOMAIN1.CO.UK > > which prompts for the password and displays nothing else. Then I do: > > net ads join -U Administrator%XXXXX > > which returns: > > Using short domain name -- DOMAIN1 > Joined 'SERVER1' to realm 'DOMAIN1.CO.UK' > > So all looks OK, but when I try to browse the shares on \\server1 > from another domain member I'm prompted for a username and password. Any valid domain credentials are rejected. > > The log file for the IP address for the computer I'm trying to connect > from says: > > [2008/06/17 11:54:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(316) > Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! > > log.smbd says: > [2008/06/17 11:55:47, 0] auth/auth_util.c:create_builtin_administrators(792) > create_builtin_administrators: Failed to create Administrators > [2008/06/17 11:55:47, 0] auth/auth_util.c:create_builtin_users(758) > create_builtin_users: Failed to create Users > > smb.conf says: > [global] > workgroup = DOMAIN1 > realm = DOMAIN1.CO.UK > security = ADS > > Samba 3.0.30 on Fedora 8. > > Can anyone tell me where I'm going wrong? > ----------------------------------------- Email sent from www.virginmedia.com/email Virus-checked using McAfee(R) Software and scanned for spam -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba 
|
|
06-18-2008
|
|||
|
|||
|
Re: [Samba] Accessing member server prompts for credentials
Hi
When accessing the share, and when prompted for authentication, If you give "Domain\username" and then user's password . Does it work ? On Wed, Jun 18, 2008 at 6:33 PM, Leon Stringer <leon.stringer@ntlworld.com> wrote: > I'm still struggling with this if anyone can help. > > I'm back tracking through the HOWTO and realised that I hadn't created > a machine trust account. > > So I've done: > # groupadd machines > # /usr/sbin/useradd -g machines -d /var/lib/nobody -c "Test Server" -s > /bin/false server1 > # passwd -l server1 > Locking password for user server1. > # smbpasswd -a -m server1 > Failed to modify password entry for user server1$ > > Please can anyone tell me why this last step fails? > > > > > From: Leon Stringer <leon.stringer@ntlworld.com> > > Date: 2008/06/17 Tue AM 11:13:14 GMT > > To: <samba@lists.samba.org> > > Subject: [Samba] Accessing member server prompts for credentials > > > > Hi, > > > > I'm trying to join a server as an AD member but it isn't working. > > > > I do: > > > > kinit ADMINISTRATOR@DOMAIN1.CO.UK > > > > which prompts for the password and displays nothing else. Then I do: > > > > net ads join -U Administrator%XXXXX > > > > which returns: > > > > Using short domain name -- DOMAIN1 > > Joined 'SERVER1' to realm 'DOMAIN1.CO.UK' > > > > So all looks OK, but when I try to browse the shares on \\server1 > > from another domain member I'm prompted for a username and password. Any > valid domain credentials are rejected. > > > > The log file for the IP address for the computer I'm trying to connect > > from says: > > > > [2008/06/17 11:54:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(316) > > Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! > > > > log.smbd says: > > [2008/06/17 11:55:47, 0] > auth/auth_util.c:create_builtin_administrators(792) > > create_builtin_administrators: Failed to create Administrators > > [2008/06/17 11:55:47, 0] auth/auth_util.c:create_builtin_users(758) > > create_builtin_users: Failed to create Users > > > > smb.conf says: > > [global] > > workgroup = DOMAIN1 > > realm = DOMAIN1.CO.UK > > security = ADS > > > > Samba 3.0.30 on Fedora 8. > > > > Can anyone tell me where I'm going wrong? > > > > ----------------------------------------- > Email sent from www.virginmedia.com/email > Virus-checked <http://www.virginmedia.com/emailVirus-checked> using > McAfee(R) Software and scanned for spam > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
|
|
06-18-2008
|
|||
|
|||
|
Re: [Samba] Accessing member server prompts for credentials
Do you have the "unix password sync" set to yes in smb.conf
If yes, maybe you're in trouble with the password chat. I had the problem on my debian systems were using the default "passwd chat" value did not work because it expects *changed* and my system returned updated. > I'm still struggling with this if anyone can help. > > I'm back tracking through the HOWTO and realised that I hadn't created > a machine trust account. > > So I've done: > # groupadd machines > # /usr/sbin/useradd -g machines -d /var/lib/nobody -c "Test Server" -s > /bin/false server1 > # passwd -l server1 > Locking password for user server1. > # smbpasswd -a -m server1 > Failed to modify password entry for user server1$ > > Please can anyone tell me why this last step fails? > >> >> From: Leon Stringer <leon.stringer@ntlworld.com> >> Date: 2008/06/17 Tue AM 11:13:14 GMT >> To: <samba@lists.samba.org> >> Subject: [Samba] Accessing member server prompts for credentials >> >> Hi, >> >> I'm trying to join a server as an AD member but it isn't working. >> >> I do: >> >> kinit ADMINISTRATOR@DOMAIN1.CO.UK >> >> which prompts for the password and displays nothing else. Then I do: >> >> net ads join -U Administrator%XXXXX >> >> which returns: >> >> Using short domain name -- DOMAIN1 >> Joined 'SERVER1' to realm 'DOMAIN1.CO.UK' >> >> So all looks OK, but when I try to browse the shares on \\server1 >> from another domain member I'm prompted for a username and password. Any >> valid domain credentials are rejected. >> >> The log file for the IP address for the computer I'm trying to connect >> from says: >> >> [2008/06/17 11:54:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(316) >> Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! >> >> log.smbd says: >> [2008/06/17 11:55:47, 0] >> auth/auth_util.c:create_builtin_administrators(792) >> create_builtin_administrators: Failed to create Administrators >> [2008/06/17 11:55:47, 0] auth/auth_util.c:create_builtin_users(758) >> create_builtin_users: Failed to create Users >> >> smb.conf says: >> [global] >> workgroup = DOMAIN1 >> realm = DOMAIN1.CO.UK >> security = ADS >> >> Samba 3.0.30 on Fedora 8. >> >> Can anyone tell me where I'm going wrong? >> > > ----------------------------------------- > Email sent from www.virginmedia.com/email > Virus-checked using McAfee(R) Software and scanned for spam > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > > Message scanned by ClamAV engine (http://www.clamav.net) > -------------------------------------------------------- > -- François Legal Message scanned by ClamAV engine (http://www.clamav.net) -------------------------------------------------------- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
|
|
06-18-2008
|
|||
|
|||
|
Re: [Samba] Accessing member server prompts for credentials
Leon Stringer wrote:
> I'm still struggling with this if anyone can help. > > I'm back tracking through the HOWTO and realised that I hadn't created > a machine trust account. > > So I've done: > # groupadd machines > # /usr/sbin/useradd -g machines -d /var/lib/nobody -c "Test Server" -s /bin/false server1 > # passwd -l server1 > Locking password for user server1. > # smbpasswd -a -m server1 > Failed to modify password entry for user server1$ > > Please can anyone tell me why this last step fails? > Those commands are for working with an NT4 domain. They're of no use if you're trying to join samba to an AD domain. > > >> From: Leon Stringer <leon.stringer@ntlworld.com> >> Date: 2008/06/17 Tue AM 11:13:14 GMT >> To: <samba@lists.samba.org> >> Subject: [Samba] Accessing member server prompts for credentials >> >> Hi, >> >> I'm trying to join a server as an AD member but it isn't working. >> >> I do: >> >> kinit ADMINISTRATOR@DOMAIN1.CO.UK >> >> which prompts for the password and displays nothing else. Then I do: >> >> net ads join -U Administrator%XXXXX >> >> which returns: >> >> Using short domain name -- DOMAIN1 >> Joined 'SERVER1' to realm 'DOMAIN1.CO.UK' >> >> So all looks OK, but when I try to browse the shares on \\server1 >> from another domain member I'm prompted for a username and password. Any valid domain credentials are rejected. >> >> The log file for the IP address for the computer I'm trying to connect >> from says: >> >> [2008/06/17 11:54:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(316) >> Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! >> >> log.smbd says: >> [2008/06/17 11:55:47, 0] auth/auth_util.c:create_builtin_administrators(792) >> create_builtin_administrators: Failed to create Administrators >> [2008/06/17 11:55:47, 0] auth/auth_util.c:create_builtin_users(758) >> create_builtin_users: Failed to create Users >> >> smb.conf says: >> [global] >> workgroup = DOMAIN1 >> realm = DOMAIN1.CO.UK >> security = ADS >> >> Samba 3.0.30 on Fedora 8. >> >> Can anyone tell me where I'm going wrong? >> >> > > Actually, it all looks good so far, but you need a little more setup so samba can authenticate accounts against AD. Do you have winbindd running? What does 'wbinfo -t' tell you? Do you have the winbind sections in smb.conf configured correctly? Can you get a list of AD accounts with 'wbinfo -u'? Did you configure nsswitch.conf correctly? If 'id "DOMAIN\user"' returns useful info about the user, your machine is authenticating with AD correctly. Also, ntpd needs to sync the time very closely with the domain. 'date ; net time -w DOMAIN' should show times that are within seconds of each other. Go back to the Samba HOWTO and review Ch. 24 and 29. Any text in the HOWTO that mentions NT4 or PDC or BDC configuration is not for your situation. -- Toby Bluhm Alltech Medical Systems America, Inc. 30825 Aurora Road Suite 100 Solon Ohio 44139 440-424-2240 ext203 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
|
Linear Mode
