Good day!
I am busting my head over this; I hope someone out there could point me in the right direction. (Help please!)
I am using FreeBSD 6, with squid-2.5-stable and samba 3.0.22, and Kerberos krb5.
I have compiled both squid and samba on my machine. Samba was compiled with pam, ntlm, ldap, and winbind support. Squid was compiled with ldap_auth and PF transparent proxying (I know this is not important for AD authentication, but I am using squid transparently through an if_bridge).
Kerberos is configured properly and is able to connect to my AD.
So far so good. I can then start winbindd and it does connect using "net ads join -U shaun", I can view the users and groups using either wbinfo -u or wbinfo -g and it does show everything.
When I try a wbinfo -t to check my secret, I am unable to connect.
$ wbinfo -t
checking the trust secret via RPC calls failed
error code was STATUS_BUFFER_OVERFLOW (0x80000005)
Could not check secret
This is where I am stuck. ntlm_auth also does not check against the AD. I have been googling this problem for the past 3 weeks and seem to get stuck in the same place as everybody else. I have included my config files at the end of this post to hopefully help clarify any setup questions.
Thanks.
Here are the config files:
-=-=-=-=-=-=-=-=-=-
/etc/krb5.conf
[libdefaults]
    ticket_lifetime = 600
    default_realm = SHAUN.ADS
    kdc_timesync = 0
[realms]
    SHAUN.ADS = {
        kdc = 192.168.0.37
    }
[domain_realms]
    .kerberos.server = SHAUN.ADS
I am able to connect using the command:
$ kinit shaun@SHAUN.ADS
shaun@SHAUN.ADS's Password: ******
kinit: NOTICE: ticked renewable lifetime is 1 week
-=-=-=-=-=-=-=-=-=-=-
/usr/local/etc/smb.conf
[global]
    workgroup=SHAUN
    netbios name = Proxy Authenticator
    realm = SHAUN.ADS
    security = ads
    encrypt passwords = no
    password server = 192.168.0.37
    winbind separator = %
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind enum users = yes
    winbind enum groups = yes
    winbnd use default domain = yes
    panic action = "/bin/sleep 9000"
(note on encrypt passwords: I have tried both encrypted and not, and changed the AD accordingly)
(note on panic action: this is so that if winbindd crashes, I can do a bt and strace much more easily)
-=-=-=-=-=-=-=-=-=-=-
strace of wbinfo -a:
[...]
lstat64("/tmp/.winbindd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/tmp/.winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
socket(PF_UNIX, SOCK_STREAM, 0) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sa_family=AF_UNIX, path="/tmp/.winbindd/pipe"}, 110) = 0
getpid() = 7990
getpid() = 7990
select(4, [3], NULL, NULL, {0, 0}) = 0 (Timeout)
write(3, " \6\0\0\0\0\0\0006\37\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1568) = 1568
read(3, "\24\5\0\0\1\0\0\0\t\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1300) = 1300
getpid() = 7990
getpid() = 7990
select(4, [3], NULL, NULL, {0, 0}) = 0 (Timeout)
write(3, " \6\0\0)\0\0\0006\37\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1568) = 1568
read(3, "9\5\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1300) = 1300
read(3, "/var/cache/samba/winbindd_privil"..., 37) = 37
lstat64("/var/cache/samba/winbindd_privileged", {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0
lstat64("/var/cache/samba/winbindd_privileged/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
socket(PF_UNIX, SOCK_STREAM, 0) = 4
fcntl64(4, F_GETFD) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
connect(4, {sa_family=AF_UNIX, path="/var/cache/samba/winbindd_privileged/pipe"}, 110) = 0
close(3) = 0
select(5, [4], NULL, NULL, {0, 0}) = 0 (Timeout)
write(4, " \6\0\0\f\0\0\0006\37\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1568) = 1568
read(4, "\24\5\0\0\0\0\0\0\5\0\0\200STATUS_BUFFER_OVERFL"..., 1300) = 1300
fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x401fa000
write(1, "plaintext password authenticatio"..., 41plaintext password authentication failed
) = 41
write(1, "error code was STATUS_BUFFER_OVE"..., 94error code was STATUS_BUFFER_OVERFLOW (0x80000005)
error messsage was: STATUS_BUFFER_OVERFLOW
) = 94