[samba] Active Directory authentication stopped working

Dan O'Brien dobrien на xanboo.com
Вт Май 22 01:01:53 MSD 2007


Hello all,

I have 3 Linux boxes all authenticating against 2 Windows 2003 domain
controllers. Each Linux box is running a different Linux and samba version:

Box1: CentOS 3.4 3.0.25-7
Box2: CentOS 4.4 3.0.10-1
Box3: CentOS 5   3.0.23c-2

Their smb.conf and krb5.conf files are all identical (below). A few days
ago authentication stopped working and my /var/log/messages fills up
with "signing_good: BAD SIG: seq 1" and "SMB Signature verification
failed on incoming packet!" errors. When someone tries to log into one
of the machines i get an "internal module error" and
"NT_STATUS_LOGON_TYPE_NOT_GRANTED" messages.

I've been on this for 2 full days now, I've tried everything I could
think of. Any help would be appreciated.


Regards,
Dan O'Brien

(conf files and messaeges below)



/var/log/messages
...
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/smb_signing.c:signing_good(240)
May 21 16:58:13 scandium winbindd[14882]:   signing_good: BAD SIG: seq 1
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/clientgen.c:cli_receive_smb(121)
May 21 16:58:13 scandium winbindd[14882]:   SMB Signature verification
failed on incoming packet!
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/smb_signing.c:signing_good(240)
May 21 16:58:13 scandium winbindd[14882]:   signing_good: BAD SIG: seq 1
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/clientgen.c:cli_receive_smb(121)
May 21 16:58:13 scandium winbindd[14882]:   SMB Signature verification
failed on incoming packet!
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/smb_signing.c:signing_good(240)
May 21 16:58:13 scandium winbindd[14882]:   signing_good: BAD SIG: seq 1
May 21 16:58:13 scandium winbindd[14882]: [2007/05/21 16:58:13, 0]
libsmb/clientgen.c:cli_receive_smb(121)
May 21 16:58:13 scandium winbindd[14882]:   SMB Signature verification
failed on incoming packet!
May 21 16:58:13 scandium pam_winbind[17827]: request failed:
NT_STATUS_LOGON_TYPE_NOT_GRANTED, PAM error was 4, NT error was
NT_STATUS_LOGON_TYPE_NOT_GRANTED
May 21 16:58:13 scandium pam_winbind[17827]: internal module error
(retval = 4, user = `user'


krb5.conf
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = MYDOMAIN.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
 MYDOMAIN.COM = {
  kdc = mydomain.com
  admin_server = dc1.mydomain.com
  default_domain = mydomain.com
  kdc = dc1.mydomain.com
  kdc = dc2.mydomain.com
 }

[domain_realm]
 .mydomain.com = MYDOMAIN.COM
 mydomain.com = MYDOMAIN.COM

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

smb.conf
[global]

   realm = MYDOMAIN.COM
   workgroup = mydomain
   server string = Scandium
   security = ADS
   idmap uid = 10000-20000
   idmap gid = 10000-20000

   template shell = /bin/bash
   template homedir = /home/%U
   winbind use default domain = yes
   printcap name = /etc/printcap
   load printers = yes
   cups options = raw
   log level = 9
   log file = /var/log/samba/%m.log
   max log size = 50
   password server = dc2.mydomain.com dc2.mydomain.com
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   local master = no
   domain master = no
   preferred master = no
   dns proxy = no



Подробная информация о списке рассылки Samba