Authenticate Centos box into WS 2003 Active Director

If it doesn't fit in another category, ask it here.
jemrpo
Posts: 2
Joined: 2010/09/24 12:37:47

Authenticate Centos box into WS 2003 Active Director

Postby jemrpo » 2010/09/24 13:04:00

I'm trying to configure my CentOS server to log into my work AD, everything seems to be ok, because I see my server from the AD administration console.
But what I really need is that the users from AD can log in into my CentOS box with their username en password.

I've already configured /etc/krb5.conf /etc/nsswitch.conf /etc/samba/smb.conf like this:

[root@monitorlinux ~]# cat /etc/krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = HPTU.ORG.CO dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h forwardable = yes [realms] HPTU.ORG.CO = { kdc = SVR-CAIRO.HPTU.ORG.CO admin_server = SVR-CAIRO.HPTU.ORG.CO default_domain = HPTU.ORG.CO kpasswd_server = SVR-SERVER.HPTU.ORG.CO } [domain_realm] .hptu.org.co = HPTU.ORG.CO hptu.org.co = HPTU.ORG.CO [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = true } [root@monitorlinux ~]#


[root@monitorlinux ~]# cat /etc/nsswitch.conf passwd: compat winbind group: compat winbind shadow: compat hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis


[root@monitorlinux ~]# cat /etc/samba/smb.conf GLOBAL PARAMETERS [global] workgroup = HPTU password server = 172.20.21.34 realm = HPTU.ORG.CO # preferred master = no # server string = MONITORLINUX security = ADS encrypt passwords = true log level = 3 log file = /var/log/samba/%m max log size = 50 # printcap name = cups # printing = cups winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind nested groups = yes ; winbind separator = + idmap uid = 500-20000 idmap gid = 500-20000 ;template primary group = "Domain Users" template shell = /bin/bash client use spnego = yes client ntlmv2 auth = yes template homedir = /home/%D/%U client schannel = no #[homes] # comment = Home Direcotries # valid users = %S # read only = No # browseable = No # #[printers] # comment = All Printers # path = /var/spool/cups # browseable = no # printable = yes # guest ok = yes [root@monitorlinux ~]#


I exec: [root@monitorlinux ~]# kinit jmartinez
Password for jmartinez@HPTU.ORG.CO:
[root@monitorlinux ~]#

But it prints no message, user is already registered in AD.

When I exec: wbinfo -u it prints the list of the users in the AD:

[root@monitorlinux ~]# wbinfo -u
jvega
csoto
vgomez
ncardonad
egallo
emarinv
agranda

[root@monitorlinux ~]# getent passwd administrator
administrator:*:1010:602:Administrator:/home/HPTU/administrator:/bin/bash

[root@monitorlinux ~]# wbinfo -a "jmartinez"%"PASSWORD"
plaintext password authentication succeeded
challenge/response password authentication succeeded


but when i type net ads join -U jmartinez this happends:

[root@monitorlinux ~]# net ads join -U jmartinez
jmartinez's password:
Failed to set password for machine account (NT_STATUS_ACCESS_DENIED)
Failed to join domain: Access denied

[root@monitorlinux ~]# net ads join -d10 -U jmartinez
params.c:Parameter() - Ignoring badly formed line in configuration file: GLOBAL PARAMETERS
[2010/09/24 08:00:04, 3] param/loadparm.c:do_section(3808)
Processing section "[global]"
doing parameter workgroup = HPTU
doing parameter password server = 172.20.21.34
doing parameter realm = HPTU.ORG.CO
doing parameter security = ADS
doing parameter encrypt passwords = true
doing parameter log level = 3
doing parameter log file = /var/log/samba/%m
doing parameter max log size = 50
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter winbind use default domain = yes
doing parameter winbind nested groups = yes
doing parameter idmap uid = 500-20000
doing parameter idmap gid = 500-20000
doing parameter template shell = /bin/bash
doing parameter client use spnego = yes
doing parameter client ntlmv2 auth = yes
doing parameter template homedir = /home/%D/%U
doing parameter client schannel = no
[2010/09/24 08:00:04, 4] param/loadparm.c:lp_load(5100)
pm_process() returned Yes
[2010/09/24 08:00:04, 7] param/loadparm.c:lp_servicenumber(5238)
lp_servicenumber: couldn't find homes
[2010/09/24 08:00:04, 10] param/loadparm.c:set_server_role(4344)
set_server_role: role = ROLE_DOMAIN_MEMBER
[2010/09/24 08:00:04, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UCS-2LE
[2010/09/24 08:00:04, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UCS-2LE
[2010/09/24 08:00:04, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF-16LE
[2010/09/24 08:00:04, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF-16LE
[2010/09/24 08:00:04, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UCS-2BE
[2010/09/24 08:00:04, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UCS-2BE
[2010/09/24 08:00:04, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF-16BE
[2010/09/24 08:00:04, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF-16BE
[2010/09/24 08:00:04, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF8
[2010/09/24 08:00:04, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF8
[2010/09/24 08:00:04, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF-8
[2010/09/24 08:00:04, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF-8
[2010/09/24 08:00:04, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset ASCII
[2010/09/24 08:00:04, 5] lib/iconv.c:smb_register_charset(113)
Registered charset ASCII
[2010/09/24 08:00:04, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset 646
[2010/09/24 08:00:04, 5] lib/iconv.c:smb_register_charset(113)
Registered charset 646
[2010/09/24 08:00:04, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset ISO-8859-1
[2010/09/24 08:00:04, 5] lib/iconv.c:smb_register_charset(113)
Registered charset ISO-8859-1
[2010/09/24 08:00:04, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UCS2-HEX
[2010/09/24 08:00:04, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UCS2-HEX
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2010/09/24 08:00:04, 5] lib/util.c:init_names(309)
Netbios name list:-
my_netbios_names[0]="MONITORLINUX"
[2010/09/24 08:00:04, 2] lib/interface.c:add_interface(81)
added interface ip=172.20.28.115 bcast=172.20.255.255 nmask=255.255.0.0
[2010/09/24 08:00:04, 5] lib/gencache.c:gencache_init(61)
Opening cache file at /var/cache/samba/gencache.tdb
[2010/09/24 08:00:04, 10] lib/gencache.c:gencache_get(226)
Returning valid cache entry: key = AD_SITENAME/DOMAIN/HPTU.ORG.CO, value = Hospital, timeout = Sun Feb 7 01:28:15 2106
[2010/09/24 08:00:04, 5] libads/dns.c:sitename_fetch(709)
sitename_fetch: Returning sitename for HPTU.ORG.CO: "Hospital"
[2010/09/24 08:00:04, 4] libsmb/namequery_dc.c:ads_dc_name(73)
ads_dc_name: domain=HPTU
[2010/09/24 08:00:04, 10] lib/gencache.c:gencache_get(226)
Returning valid cache entry: key = AD_SITENAME/DOMAIN/HPTU.ORG.CO, value = Hospital, timeout = Sun Feb 7 01:28:15 2106
[2010/09/24 08:00:04, 5] libads/dns.c:sitename_fetch(709)
sitename_fetch: Returning sitename for HPTU.ORG.CO: "Hospital"
[2010/09/24 08:00:04, 6] libads/ldap.c:ads_find_dc(294)
ads_find_dc: looking for realm 'HPTU.ORG.CO'
[2010/09/24 08:00:04, 8] libsmb/namequery.c:get_sorted_dc_list(1644)
get_sorted_dc_list: attempting lookup for name HPTU.ORG.CO (sitename Hospital) using [ads]
[2010/09/24 08:00:04, 10] lib/gencache.c:gencache_get(226)
Returning valid cache entry: key = SAF/DOMAIN/HPTU.ORG.CO, value = 172.20.21.34, timeout = Fri Sep 24 08:14:53 2010
[2010/09/24 08:00:04, 5] libsmb/namequery.c:saf_fetch(136)
saf_fetch: Returning "172.20.21.34" for "HPTU.ORG.CO" domain
[2010/09/24 08:00:04, 3] libsmb/namequery.c:get_dc_list(1495)
get_dc_list: preferred server list: "172.20.21.34, 172.20.21.34"
[2010/09/24 08:00:04, 10] lib/gencache.c:gencache_get(226)
Returning valid cache entry: key = AD_SITENAME/DOMAIN/HPTU.ORG.CO, value = Hospital, timeout = Sun Feb 7 01:28:15 2106
[2010/09/24 08:00:04, 5] libads/dns.c:sitename_fetch(709)
sitename_fetch: Returning sitename for HPTU.ORG.CO: "Hospital"
[2010/09/24 08:00:04, 10] lib/gencache.c:gencache_get(226)
Returning valid cache entry: key = AD_SITENAME/DOMAIN/HPTU.ORG.CO, value = Hospital, timeout = Sun Feb 7 01:28:15 2106
[2010/09/24 08:00:04, 5] libads/dns.c:sitename_fetch(709)
sitename_fetch: Returning sitename for HPTU.ORG.CO: "Hospital"
[2010/09/24 08:00:04, 10] libsmb/namequery.c:remove_duplicate_addrs2(435)
remove_duplicate_addrs2: looking for duplicate address/port pairs
[2010/09/24 08:00:04, 4] libsmb/namequery.c:get_dc_list(1605)
get_dc_list: returning 1 ip addresses in an ordered list
[2010/09/24 08:00:04, 4] libsmb/namequery.c:get_dc_list(1606)
get_dc_list: 172.20.21.34:389
[2010/09/24 08:00:04, 5] libads/ldap.c:ads_try_connect(180)
ads_try_connect: sending CLDAP request to 172.20.21.34 (realm: HPTU.ORG.CO)
[2010/09/24 08:00:04, 10] libads/dns.c:sitename_store(670)
sitename_store: realm = [HPTU.ORG.CO], sitename = [Hospital], expire = [4294967295]
[2010/09/24 08:00:04, 10] lib/gencache.c:gencache_set(140)
Adding cache entry with key = AD_SITENAME/DOMAIN/HPTU.ORG.CO; value = Hospital and timeout = (null) (-1285333205 seconds ahead)
[2010/09/24 08:00:04, 3] libads/ldap.c:ads_connect(394)
Connected to LDAP server 172.20.21.34
[2010/09/24 08:00:04, 10] lib/gencache.c:gencache_get(226)
Returning valid cache entry: key = AD_SITENAME/DOMAIN/HPTU.ORG.CO, value = Hospital, timeout = Sun Feb 7 01:28:15 2106
[2010/09/24 08:00:04, 5] libads/dns.c:sitename_fetch(709)
sitename_fetch: Returning sitename for HPTU.ORG.CO: "Hospital"
[2010/09/24 08:00:04, 10] libads/ldap.c:ads_closest_dc(149)
ads_closest_dc: ADS_CLOSEST flag set
[2010/09/24 08:00:04, 10] libads/kerberos.c:create_local_private_krb5_conf_for_domain(673)
create_local_private_krb5_conf_for_domain: fname = /var/cache/samba/smb_krb5/krb5.conf.HPTU, realm = HPTU.ORG.CO, domain = HPTU
[2010/09/24 08:00:04, 10] lib/gencache.c:gencache_get(226)
Returning valid cache entry: key = SAF/DOMAIN/HPTU.ORG.CO, value = 172.20.21.34, timeout = Fri Sep 24 08:14:53 2010
[2010/09/24 08:00:04, 5] libsmb/namequery.c:saf_fetch(136)
saf_fetch: Returning "172.20.21.34" for "HPTU.ORG.CO" domain
[2010/09/24 08:00:04, 3] libsmb/namequery.c:get_dc_list(1495)
get_dc_list: preferred server list: "172.20.21.34, 172.20.21.34"
[2010/09/24 08:00:04, 10] lib/gencache.c:gencache_get(226)
Returning valid cache entry: key = AD_SITENAME/DOMAIN/HPTU.ORG.CO, value = Hospital, timeout = Sun Feb 7 01:28:15 2106
[2010/09/24 08:00:04, 5] libads/dns.c:sitename_fetch(709)
sitename_fetch: Returning sitename for HPTU.ORG.CO: "Hospital"
[2010/09/24 08:00:04, 10] lib/gencache.c:gencache_get(226)
Returning valid cache entry: key = AD_SITENAME/DOMAIN/HPTU.ORG.CO, value = Hospital, timeout = Sun Feb 7 01:28:15 2106
[2010/09/24 08:00:04, 5] libads/dns.c:sitename_fetch(709)
sitename_fetch: Returning sitename for HPTU.ORG.CO: "Hospital"
[2010/09/24 08:00:04, 10] libsmb/namequery.c:remove_duplicate_addrs2(435)
remove_duplicate_addrs2: looking for duplicate address/port pairs
[2010/09/24 08:00:04, 4] libsmb/namequery.c:get_dc_list(1605)
get_dc_list: returning 1 ip addresses in an ordered list
[2010/09/24 08:00:04, 4] libsmb/namequery.c:get_dc_list(1606)
get_dc_list: 172.20.21.34:389
[2010/09/24 08:00:04, 10] lib/gencache.c:gencache_get(226)
Returning valid cache entry: key = SAF/DOMAIN/HPTU.ORG.CO, value = 172.20.21.34, timeout = Fri Sep 24 08:14:53 2010
[2010/09/24 08:00:04, 5] libsmb/namequery.c:saf_fetch(136)
saf_fetch: Returning "172.20.21.34" for "HPTU.ORG.CO" domain
[2010/09/24 08:00:04, 3] libsmb/namequery.c:get_dc_list(1495)
get_dc_list: preferred server list: "172.20.21.34, 172.20.21.34"
[2010/09/24 08:00:04, 10] lib/gencache.c:gencache_get(226)
Returning valid cache entry: key = AD_SITENAME/DOMAIN/HPTU.ORG.CO, value = Hospital, timeout = Sun Feb 7 01:28:15 2106
[2010/09/24 08:00:04, 5] libads/dns.c:sitename_fetch(709)
sitename_fetch: Returning sitename for HPTU.ORG.CO: "Hospital"
[2010/09/24 08:00:04, 10] lib/gencache.c:gencache_get(226)
Returning valid cache entry: key = AD_SITENAME/DOMAIN/HPTU.ORG.CO, value = Hospital, timeout = Sun Feb 7 01:28:15 2106
[2010/09/24 08:00:04, 5] libads/dns.c:sitename_fetch(709)
sitename_fetch: Returning sitename for HPTU.ORG.CO: "Hospital"
[2010/09/24 08:00:04, 10] libsmb/namequery.c:remove_duplicate_addrs2(435)
remove_duplicate_addrs2: looking for duplicate address/port pairs
[2010/09/24 08:00:04, 4] libsmb/namequery.c:get_dc_list(1605)
get_dc_list: returning 1 ip addresses in an ordered list
[2010/09/24 08:00:04, 4] libsmb/namequery.c:get_dc_list(1606)
get_dc_list: 172.20.21.34:389
[2010/09/24 08:00:04, 10] libads/kerberos.c:get_kdc_ip_string(624)
get_kdc_ip_string: Returning kdc = 172.20.21.34

[2010/09/24 08:00:04, 5] libads/kerberos.c:create_local_private_krb5_conf_for_domain(746)
create_local_private_krb5_conf_for_domain: wrote file /var/cache/samba/smb_krb5/krb5.conf.HPTU with realm HPTU.ORG.CO KDC = 172.20.21.34
[2010/09/24 08:00:04, 4] libsmb/namequery_dc.c:ads_dc_name(139)
ads_dc_name: using server='SVR-CAIRO.HPTU.ORG.CO' IP=172.20.21.34
jmartinez's password:
[020] 02 00 00 00 00 25 00 00 00 00 00 C7 CF 23 68 9D .....%.. .....#h.
[030] 67 2D 4E 9C 28 DC B5 D2 44 2F 63 19 00 19 00 00 g-N.(... D/c.....
[040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0E0] 00 00 00 00 00 00 00 80 02 00 00 00 00 10 03 00 ........ ........
[0F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[100] 00 00 00 FC 19 9F F4 34 7B 9B CE 36 D3 01 26 94 .......4 {..6..&.
[110] 70 29 B7 D2 AA C8 0A 84 77 FD DF 93 65 4A 11 FE p)...... w...eJ..
[120] CA ED F2 14 F2 5E 46 E5 C0 22 66 0C 29 94 6B 88 .....^F. ."f.).k.
[130] 64 65 8E AA 11 DB 01 3C 06 A1 D2 08 B4 50 07 FC de.....< .....P..
[140] F6 92 63 58 FB EB EB A4 C7 08 51 86 28 2B 7B 98 ..cX.... ..Q.(+{.
[150] 6B CB 79 CF 9A 97 DE F8 C4 06 C3 EE B1 46 FF 2C k.y..... .....F.,
[160] 90 58 7A 79 44 01 B2 18 57 06 DC 70 4E 3B 0F F4 .XzyD... W..pN;..
[170] 3B 53 D0 15 23 54 4C C8 7B BE 9D 7F DC 69 01 3F ;S..#TL. {....i.?
[180] 0B 77 5C BA C2 FC B4 96 D8 07 37 5C 10 BF AF 87 .w\..... ..7\....
[190] 96 D3 DE 04 EB AF 71 2F 8F CB 3C BF 69 E8 15 A7 ......q/ ..<.i...
[1A0] 28 5F 55 C3 BE 13 67 DB F9 9E 15 1F C4 38 55 64 (_U...g. .....8Ud
[1B0] 35 E5 94 D1 64 95 59 25 D2 BB 30 F3 BB 90 D0 DA 5...d.Y% ..0.....
[1C0] 75 D0 06 5F 41 80 5B 9E 20 77 C2 E8 B5 66 8B 36 u.._A.[. w...f.6
[1D0] C6 5A 5A BD 27 F1 57 B7 0E B2 88 49 7D E7 69 1A .ZZ.'.W. ...I}.i.
[1E0] D4 B8 28 EE 88 56 0D 84 05 C7 A3 EA B2 55 05 06 ..(..V.. .....U..
[1F0] 16 AB 90 0D 4C 2D 71 D6 2D 92 2E C0 AA 1A 03 50 ....L-q. -......P
[2010/09/24 08:00:23, 10] libsmb/smb_signing.c:simple_packet_signature(283)
simple_packet_signature: sequence number 30
[2010/09/24 08:00:23, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
client_sign_outgoing_message: sent SMB signature of
[2010/09/24 08:00:23, 10] lib/util.c:dump_data(2286)
[000] 2B 5B 41 8F A7 02 D7 F1 +[A.....
[2010/09/24 08:00:23, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
store_sequence_for_reply: stored seq = 31 mid = 17
[2010/09/24 08:00:23, 6] libsmb/clientgen.c:write_socket(152)
write_socket(7,862)
[2010/09/24 08:00:23, 6] libsmb/clientgen.c:write_socket(155)
write_socket(7,862) wrote 862
[2010/09/24 08:00:23, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
got smb length of 84
[2010/09/24 08:00:23, 5] lib/util.c:show_msg(506)
[2010/09/24 08:00:23, 5] lib/util.c:show_msg(516)
size=84
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=8198
smb_pid=3787
smb_uid=16386
smb_mid=17
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 28 (0x1C)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 28 (0x1C)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=29
[2010/09/24 08:00:23, 10] lib/util.c:dump_data(2286)
[000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0B 00 00 ........ ........
[010] 00 04 00 00 00 00 00 00 00 22 00 00 C0 ........ ."...
[2010/09/24 08:00:23, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
get_sequence_for_reply: found seq = 31 mid = 17
[2010/09/24 08:00:23, 10] libsmb/smb_signing.c:simple_packet_signature(283)
simple_packet_signature: sequence number 31
[2010/09/24 08:00:23, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
client_check_incoming_message: seq 31: got good SMB signature of
[2010/09/24 08:00:23, 10] lib/util.c:dump_data(2286)
[000] F5 9D 9A F1 D5 94 80 72 .......r
[2010/09/24 08:00:23, 5] lib/util.c:show_msg(506)
[2010/09/24 08:00:23, 5] lib/util.c:show_msg(516)
size=84
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=8198
smb_pid=3787
smb_uid=16386
smb_mid=17
smt_wct=10
smb_vwv[ 0]= 0 (0x0)
smb_vwv[ 1]= 28 (0x1C)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 56 (0x38)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 28 (0x1C)
smb_vwv[ 7]= 56 (0x38)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_bcc=29
[2010/09/24 08:00:23, 10] lib/util.c:dump_data(2286)
[000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0B 00 00 ........ ........
[010] 00 04 00 00 00 00 00 00 00 22 00 00 C0 ........ ."...
[2010/09/24 08:00:23, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
get_sequence_for_reply: found seq = 31 mid = 17
[2010/09/24 08:00:23, 5] rpc_parse/parse_prs.c:prs_debug(84)
000000 smb_io_rpc_hdr rpc_hdr
[2010/09/24 08:00:23, 5] rpc_parse/parse_prs.c:prs_uint8(616)
0000 major : 05
[2010/09/24 08:00:23, 5] rpc_parse/parse_prs.c:prs_uint8(616)
0001 minor : 00
[2010/09/24 08:00:23, 5] rpc_parse/parse_prs.c:prs_uint8(616)
0002 pkt_type : 02
[2010/09/24 08:00:23, 5] rpc_parse/parse_prs.c:prs_uint8(616)
0003 flags : 03
[2010/09/24 08:00:23, 5] rpc_parse/parse_prs.c:prs_uint8(616)
0004 pack_type0: 10
[2010/09/24 08:00:23, 5] rpc_parse/parse_prs.c:prs_uint8(616)
0005 pack_type1: 00
[2010/09/24 08:00:23, 5] rpc_parse/parse_prs.c:prs_uint8(616)
0006 pack_type2: 00
[2010/09/24 08:00:23, 5] rpc_parse/parse_prs.c:prs_uint8(616)
0007 pack_type3: 00
[2010/09/24 08:00:23, 5] rpc_parse/parse_prs.c:prs_uint16(681)
0008 frag_len : 001c
[2010/09/24 08:00:23, 5] rpc_parse/parse_prs.c:prs_uint16(681)
000a auth_len : 0000
[2010/09/24 08:00:23, 5] rpc_parse/parse_prs.c:prs_uint32(710)
000c call_id : 0000000b
[2010/09/24 08:00:23, 5] rpc_parse/parse_prs.c:prs_debug(84)
000010 smb_io_rpc_hdr_resp rpc_hdr_resp
[2010/09/24 08:00:23, 5] rpc_parse/parse_prs.c:prs_uint32(710)
0010 alloc_hint: 00000004
[2010/09/24 08:00:23, 5] rpc_parse/parse_prs.c:prs_uint16(681)
0014 context_id: 0000
[2010/09/24 08:00:23, 5] rpc_parse/parse_prs.c:prs_uint8(616)
0016 cancel_ct : 00
[2010/09/24 08:00:23, 5] rpc_parse/parse_prs.c:prs_uint8(616)
0017 reserved : 00
[2010/09/24 08:00:23, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577)
cli_pipe_validate_current_pdu: got pdu len 28, data_len 4, ss_len 0
[2010/09/24 08:00:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843)
rpc_api_pipe: got PDU len of 28 at offset 0
[2010/09/24 08:00:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894)
rpc_api_pipe: Remote machine SVR-CAIRO.hptu.org.co pipe \samr fnum 0x4008 returned 8 bytes.
[2010/09/24 08:00:23, 5] rpc_parse/parse_prs.c:prs_debug(84)
000000 samr_io_r_set_userinfo2
[2010/09/24 08:00:23, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
0000 status: NT_STATUS_ACCESS_DENIED
[2010/09/24 08:00:23, 10] intl/lang_tdb.c:lang_tdb_init(138)
lang_tdb_init: /usr/lib64/samba/en_US.UTF-8.msg: No such file or directory
Failed to set password for machine account (NT_STATUS_ACCESS_DENIED)
[2010/09/24 08:00:23, 10] libsmb/smb_signing.c:simple_packet_signature(283)
simple_packet_signature: sequence number 32
[2010/09/24 08:00:23, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
client_sign_outgoing_message: sent SMB signature of
[2010/09/24 08:00:23, 10] lib/util.c:dump_data(2286)
[000] 02 49 42 20 EA EC A4 A3 .IB ....
[2010/09/24 08:00:23, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
store_sequence_for_reply: stored seq = 33 mid = 18
[2010/09/24 08:00:23, 6] libsmb/clientgen.c:write_socket(152)
write_socket(7,45)
[2010/09/24 08:00:23, 6] libsmb/clientgen.c:write_socket(155)
write_socket(7,45) wrote 45
[2010/09/24 08:00:23, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
got smb length of 35
[2010/09/24 08:00:23, 5] lib/util.c:show_msg(506)
[2010/09/24 08:00:23, 5] lib/util.c:show_msg(516)
size=35
smb_com=0x4
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=8198
smb_pid=3787
smb_uid=16386
smb_mid=18
smt_wct=0
smb_bcc=0
[2010/09/24 08:00:23, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
get_sequence_for_reply: found seq = 33 mid = 18
[2010/09/24 08:00:23, 10] libsmb/smb_signing.c:simple_packet_signature(283)
simple_packet_signature: sequence number 33
[2010/09/24 08:00:23, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
client_check_incoming_message: seq 33: got good SMB signature of
[2010/09/24 08:00:23, 10] lib/util.c:dump_data(2286)
[000] EC A9 7F 17 E9 5D CA 3D .....].=
[2010/09/24 08:00:23, 10] libsmb/clientgen.c:cli_rpc_pipe_close(394)
cli_rpc_pipe_close: closed pipe \samr to machine SVR-CAIRO.hptu.org.co
[2010/09/24 08:00:23, 10] libsmb/smb_signing.c:simple_packet_signature(283)
simple_packet_signature: sequence number 34
[2010/09/24 08:00:23, 10] libsmb/smb_signing.c:client_sign_outgoing_message(349)
client_sign_outgoing_message: sent SMB signature of
[2010/09/24 08:00:23, 10] lib/util.c:dump_data(2286)
[000] 97 4F CC 96 7E F9 CA 8C .O..~...
[2010/09/24 08:00:23, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
store_sequence_for_reply: stored seq = 35 mid = 19
[2010/09/24 08:00:23, 6] libsmb/clientgen.c:write_socket(152)
write_socket(7,39)
[2010/09/24 08:00:23, 6] libsmb/clientgen.c:write_socket(155)
write_socket(7,39) wrote 39
[2010/09/24 08:00:23, 10] lib/util_sock.c:read_smb_length_return_keepalive(623)
got smb length of 35
[2010/09/24 08:00:23, 5] lib/util.c:show_msg(506)
[2010/09/24 08:00:23, 5] lib/util.c:show_msg(516)
size=35
smb_com=0x71
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51205
smb_tid=8198
smb_pid=3787
smb_uid=16386
smb_mid=19
smt_wct=0
smb_bcc=0
[2010/09/24 08:00:23, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
get_sequence_for_reply: found seq = 35 mid = 19
[2010/09/24 08:00:23, 10] libsmb/smb_signing.c:simple_packet_signature(283)
simple_packet_signature: sequence number 35
[2010/09/24 08:00:23, 10] libsmb/smb_signing.c:client_check_incoming_message(430)
client_check_incoming_message: seq 35: got good SMB signature of
[2010/09/24 08:00:23, 10] lib/util.c:dump_data(2286)
[000] 0F 12 CB DF DE 44 F6 A0 .....D..
[2010/09/24 08:00:23, 1] utils/net_ads.c:net_ads_join(1556)
call of net_join_domain failed: Access denied
Failed to join domain: Access denied
[2010/09/24 08:00:23, 2] utils/net.c:main(1075)
return code = -1
[root@monitorlinux ~]#

So i cannot log into that box with my AD username and password
I also tried from another machine through ssh and obviusly had no luck...

Can anyone tell what am I missing

jemrpo
Posts: 2
Joined: 2010/09/24 12:37:47

Re: Authenticate Centos box into WS 2003 Active Director

Postby jemrpo » 2010/09/24 16:07:23

These are the config files:

Code: Select all

[root@monitorlinux ~]# cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = HPTU.ORG.CO
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes

[realms]
HPTU.ORG.CO = {
   kdc = SVR-CAIRO.HPTU.ORG.CO
   admin_server = SVR-CAIRO.HPTU.ORG.CO
   default_domain = HPTU.ORG.CO
   kpasswd_server = SVR-SERVER.HPTU.ORG.CO
}

[domain_realm]
.hptu.org.co = HPTU.ORG.CO
 hptu.org.co = HPTU.ORG.CO

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = true
}

[root@monitorlinux ~]# cat /etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
shadow: compat

hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

[root@monitorlinux ~]# cat /etc/samba/smb.conf
GLOBAL PARAMETERS
[global]
   workgroup = HPTU
   password server = 172.20.21.34
   realm = HPTU.ORG.CO
#   preferred master = no
#   server string = MONITORLINUX
   security = ADS
   encrypt passwords = true
   log level = 3
   log file = /var/log/samba/%m
   max log size = 50
#   printcap name = cups
#   printing = cups
   winbind enum users = yes
   winbind enum groups = yes
   winbind use default domain = yes
   winbind nested groups = yes
;  winbind separator = +
   idmap uid = 500-20000
   idmap gid = 500-20000
   ;template primary group = "Domain Users"
   template shell = /bin/bash
   client use spnego = yes
   client ntlmv2 auth = yes
   template homedir = /home/%D/%U
   client schannel = no

#[homes]
#   comment = Home Direcotries
#   valid users = %S
#   read only = No
 #  browseable = No
#
#[printers]
#   comment = All Printers
#   path = /var/spool/cups
#   browseable = no
#   printable = yes
#   guest ok = yes

[Moderator edit: Added code tags to preserve formatting.]

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

Authenticate Centos box into WS 2003 Active Director

Postby pschaff » 2010/09/27 20:20:07

Welcome to the CentOS fora. The following reading is recommended for new users:
Readme First
Installing Software
Where to Find Answers
How to provide information about your system

I can't see what may be wrong except that you have provided more debug information than anyone is likely to take time to look at, and the "GLOBAL PARAMETERS" line in smb.conf seems like it ought to be commented out. Does "testparm" think it's OK?

Perhaps the Samba.org docs will help:

http://wiki.samba.org/index.php/Samba_& ... _Directory

vladinator
Posts: 10
Joined: 2014/11/13 23:01:58

Re: Authenticate Centos box into WS 2003 Active Director

Postby vladinator » 2015/09/29 21:18:02

Your link http://www.centos.org/modules/newbb/viewtopic.php?topic_id=14274&forum=47 results in a message that says
You are not authorised to read this forum.

User avatar
TrevorH
Forum Moderator
Posts: 20639
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Authenticate Centos box into WS 2003 Active Director

Postby TrevorH » 2015/09/29 22:26:21

We had many almost identical "FAQ" forums and the link you followed went to one of the now closed versions. The correct one is https://www.centos.org/forums/viewforum.php?f=12
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke