LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 07-14-2014, 09:06 AM   #1
TheImpasse
LQ Newbie
 
Registered: Jul 2014
Posts: 1

Rep: Reputation: Disabled
Samba Authentication with Kerberos Server


Hi all, I have a server that I have set up to authenticate successfully using sssd, everything works great, I can SSH into the server as user in the LDAP and get all my details.

However, I'm now trying to set up authentication in Samba with very little luck! I'm really clueless with this stuff so please be gentle.

krb5.conf
Code:
[libdefaults]
 default_realm = EXAMPLE.CO.UK
 dns_lookup_realm = true
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 EXAMPLE.CO.UK = {
  kdc = kdc.example.co.uk
  admin_server = kadmin.example.co.uk
  default_domain = example.co.uk
 }

[domain_realm]
 example.co.uk = EXAMPLE.CO.UK
 .example.co.uk = EXAMPLE.CO.UK

/etc/samba/smb.conf
Code:
[global]

	workgroup 	= EXAMPLE.CO.UK
	server string 	= Samba Server Version %v
	
	netbios name 	= store 
        guest ok 	= no 
        clustering 	= yes
	security 	= domain

# 192.9.210.20 is the IP of kdc.example.co.uk
	password server = 192.9.210.20
	encrypt passwords = yes
	realm		= EXAMPLE.CO.UK
        template shell 	= /bin/bash
	
	log file = /var/log/samba/log.%m
	max log size = 50
	log level = 3
	
[profile]
       comment = GPFS profile Shared Data
       public = yes
       path = /gpfs/profile
       writeable = yes
       ea support = yes
       create mask = 0775
        security mask = 0777
        force security mode = 000
        directory security mask = 0770
        force directory security mode = 000
	valid users = %S
	valid users = EXAMPLE.CO.UK\%S
I'm pretty sure it's something wrong in the [global] tag of my samba file but I'm struggling to work out what I need to put in there, possibly the 'security' option.

Right now, I can connect to the server via samba, if I then click the 'profile' share, it prompts me to log in. Inputting the credentials gives me the following error in the logs and I don't understand why:

Code:
[2014/07/14 15:01:55.637873,  3] libsmb/trusts_util.c:166(enumerate_domain_trusts)
  enumerate_domain_trusts: can't locate a DC for domain EXAMPLE.CO.UK
[2014/07/14 15:01:55.638111,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [EXAMPLE.CO.UK]\[user.name]@[MYHOSTNAME] with the new password interface
[2014/07/14 15:01:55.638176,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  mapped user is: [EXAMPLE.CO.UK]\[user.name]@[HOSTNAME]
[2014/07/14 15:01:55.638336,  3] libsmb/namequery.c:2533(get_dc_list)
  get_dc_list: preferred server list: ", 192.9.210.20"
[2014/07/14 15:02:05.640555,  2] auth/auth.c:319(check_ntlm_password)
  check_ntlm_password:  Authentication for user [user.name] -> [user.name] FAILED with error NT_STATUS_NO_LOGON_SERVERS
[2014/07/14 15:02:05.640720,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX) NT_STATUS_NO_LOGON_SERVERS
[2014/07/14 15:02:05.641064,  1] smbd/process.c:457(receive_smb_talloc)
  receive_smb_raw_talloc failed for client 192.9.200.90 read error = NT_STATUS_CONNECTION_RESET.
[2014/07/14 15:02:05.641257,  3] smbd/server_exit.c:181(exit_server_common)
  Server exit (failed to receive smb request)
Why does it say no logon servers when I'm pointing at the Kerberos server? Do I also need to add LDAP information in there too?
 
Old 07-16-2014, 03:28 PM   #2
mostlyharmless
Senior Member
 
Registered: Jan 2008
Distribution: Arch/Manjaro, might try Slackware again
Posts: 1,851
Blog Entries: 14

Rep: Reputation: 284Reputation: 284Reputation: 284
You don't say which distro you're using, or what you did exactly so far, or if you followed a guide, so it might be hard to figure out where you are right now. Having said that, try looking at what I did here:

http://www.linuxquestions.org/questi...a-ad-dc-36021/

as well as some of the links in the blog, perhaps that will help.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Client Server Authentication using Kerberos cmccullo Linux - Server 0 06-20-2012 10:56 PM
Is it possible to use kerberos for samba authentication without a domain? a2brute Linux - Server 1 10-15-2010 07:30 AM
HOW TO: SUSE Linux Enterprise Desktop SLED10 LDAP / Kerberos Authentication to Active Directory / Windows Server 2003 R2 Shannon_VanWagner LinuxAnswers Discussion 2 06-13-2007 09:29 AM
HOW TO: SUSE Linux Enterprise Desktop SLED10 LDAP / Kerberos Authentication to Active Directory / Windows Server 2003 R2 Shannon_VanWagner LinuxAnswers Discussion 0 03-23-2007 02:22 PM
Samba Kerberos Authentication SNunweiler Linux - Networking 7 08-25-2004 10:27 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 12:08 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration