Preauthentication error with Samba

ravi channavajhala ravi.channavajhala at dciera.com
Mon Sep 7 08:18:57 EDT 2009


Can anyone suggest how to get around the following?

 

[2009/09/05 00:32:55, 3] libads/sasl.c:ads_sasl_spnego_bind(300)
  ads_sasl_spnego_bind: got server principal name =
exdc1$@domain.example.com
[2009/09/05 00:32:55, 3] libsmb/clikrb5.c:ads_krb5_mk_req(593)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2009/09/05 00:32:56, 0] libads/kerberos.c:ads_kinit_password(228)
  kerberos_kinit_password samserv1$@domain.example.com failed:
Preauthentication
 failed

 

This is what my samba RPMs are

 

# rpm -qa | grep -i samb
samba-client-3.0.33-3.7.el5
system-config-samba-1.2.41-3.el5
samba-common-3.0.33-3.7.el5
samba-3.0.33-3.7.el5

 

# uname -a
Linux samserv1.domain.example.com 2.6.18-128.el5PAE #1 SMP Wed Dec 17
12:02:33 EST 2008 i686 i686 i386 GNU/Linux

# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.3 (Tikanga)

 

The smb.conf file uses

 

Security = ads

Use Kerberos keytab = true

 

AD logins from Linux work just fine (ruling out the obvious such as time
synchronization etc.), 'net ads info' and 'net ads status' show relevant
information.  The Kerberos keytab was generated with net ads keytab create.

 

Information from net ads status (partial)

 

sAMAccountName: SAMSERV1$
sAMAccountType: 805306369
dNSHostName: samserv1.domain.example.com
userPrincipalName:
host/samserv1.domain.example.com at SAMSERV1.DOMAIN.EXAMPLE.COM
objectCategory:
CN=Computer,CN=Schema,CN=Configuration,DC=domain,DC=example,DC=com

 

Regards,

 

Ravi K. Channavajhala

 




More information about the Kerberos mailing list