[samba] Active Directory authentication stopped working
Andrii Dobrovol`s`kii
dobr на iop.kiev.ua
Вт Май 22 13:26:28 MSD 2007
Dan O'Brien пишет:
> Hello all,
>
> I have 3 Linux boxes all authenticating against 2 Windows 2003 domain
> controllers. Each Linux box is running a different Linux and samba version:
>
> Box1: CentOS 3.4 3.0.25-7
> Box2: CentOS 4.4 3.0.10-1
> Box3: CentOS 5 3.0.23c-2
>
> Their smb.conf and krb5.conf files are all identical (below). A few days
> ago authentication stopped working and my /var/log/messages fills up
> with "signing_good: BAD SIG: seq 1" and "SMB Signature verification
> failed on incoming packet!" errors. When someone tries to log into one
> of the machines i get an "internal module error" and
> "NT_STATUS_LOGON_TYPE_NOT_GRANTED" messages.
>
> I've been on this for 2 full days now, I've tried everything I could
> think of. Any help would be appreciated.
>
>
> Regards,
> Dan O'Brien
>
> (conf files and messaeges below)
>
>
>
> /var/log/messages
> ...
> failed on incoming packet!
> May 21 16:58:13 scandium pam_winbind[17827]: request failed:
> NT_STATUS_LOGON_TYPE_NOT_GRANTED, PAM error was 4, NT error was
> NT_STATUS_LOGON_TYPE_NOT_GRANTED
> May 21 16:58:13 scandium pam_winbind[17827]: internal module error
> (retval = 4, user = `user'
>
May be, you have a problem with pam?
>
> [appdefaults]
> pam = {
> debug = false
> ticket_lifetime = 36000
> renew_lifetime = 36000
> forwardable = true
> krb4_convert = false
> }
>
You tried "debug = true"?
Or there can be something has changed on the controllers?
--
Rgrds,
Andriy
*********************************************************************
email: dobr at iop dot kiev dot ua Kyiv, Ukraine
Phone: (380-44) 525-7824 Department of Gas Electronics
Fax: (380-44) 525-2329 Institute of Physics of NASU
*********************dobrATjabber.iop.kiev.ua************************
----------- следущая часть -----------
Было удалено вложение не в текстовом формате...
Имя : signature.asc
Тип : application/pgp-signature
Размер : 189 байтов
Описание: OpenPGP digital signature
Url : http://lists.altlinux.org/pipermail/samba/attachments/20070522/34f2f76b/attachment.bin
Подробная информация о списке рассылки Samba