Preauthentication error with Samba
ravi channavajhala
ravi.channavajhala at dciera.com
Mon Sep 7 08:18:57 EDT 2009
Can anyone suggest how to get around the following?
[2009/09/05 00:32:55, 3] libads/sasl.c:ads_sasl_spnego_bind(300)
ads_sasl_spnego_bind: got server principal name =
exdc1$@domain.example.com
[2009/09/05 00:32:55, 3] libsmb/clikrb5.c:ads_krb5_mk_req(593)
ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2009/09/05 00:32:56, 0] libads/kerberos.c:ads_kinit_password(228)
kerberos_kinit_password samserv1$@domain.example.com failed:
Preauthentication
failed
This is what my samba RPMs are
# rpm -qa | grep -i samb
samba-client-3.0.33-3.7.el5
system-config-samba-1.2.41-3.el5
samba-common-3.0.33-3.7.el5
samba-3.0.33-3.7.el5
# uname -a
Linux samserv1.domain.example.com 2.6.18-128.el5PAE #1 SMP Wed Dec 17
12:02:33 EST 2008 i686 i686 i386 GNU/Linux
# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.3 (Tikanga)
The smb.conf file uses
Security = ads
Use Kerberos keytab = true
AD logins from Linux work just fine (ruling out the obvious such as time
synchronization etc.), 'net ads info' and 'net ads status' show relevant
information. The Kerberos keytab was generated with net ads keytab create.
Information from net ads status (partial)
sAMAccountName: SAMSERV1$
sAMAccountType: 805306369
dNSHostName: samserv1.domain.example.com
userPrincipalName:
host/samserv1.domain.example.com at SAMSERV1.DOMAIN.EXAMPLE.COM
objectCategory:
CN=Computer,CN=Schema,CN=Configuration,DC=domain,DC=example,DC=com
Regards,
Ravi K. Channavajhala
More information about the Kerberos
mailing list