Red Hat Bugzilla – Bug 257121
Windows XP client Domain Authentication not working with "security = ADS"
Last modified: 2007-11-30 17:07:47 EST
Description of problem:
Unable to authenticate samba against a Windows 2003 Server domain controller for
Version-Release number of selected component (if applicable):
On any Redhat Ent. 5 machine at my site while attempting to authenticate from
Windows XP SP2 client system.
Steps to Reproduce:
1. Create local /etc/passwd entry for user already on Windows 2003 server domain
2. Set up kerberos realm configuration and use "net ads join ..." command to
create machine account for Samba server on Windows domain
3. Attempt to browse samba share points from Windows XP client
Actual results: Client returns back failed authentication
Expected results: Browse samba shares, access files as usual
The exact smb.conf I was using on RHEL 4 U5 (samba-3.0.10-1.4E.12.2) and when I
compile and use samba source (3.0.25c) work fine. Something with domain auth is
broken in the RHEL 5 shipping version. I ran smbd in debug 10 and am completely
Created attachment 174001 [details]
Debug 10 output of attempt to authenticate (anonymized)
workgroup = WINDOWS
server string = Samba Server
security = ADS
load printers = yes
cups options = raw
log file = /var/log/samba/smb.log
max log size = 5000
realm = WINDOWS.DOMAIN
dns proxy = no
comment = Share
path = /export/share
I think I remember a fix we addedd upstream after 3.0.23c was released that may
address your problem. In the beta channel we have a newer version of samba that
should address it. Will you consider testing the version we have in the beta
If you do please make sure you backup all relevant files in case you want to
revert back to 3.0.23c afterwards.
Yes, the beta channel version works. Looking forward to U1.
Same problem here (NT_STATUS_NO_SUCH_USER errors), the 5.1 beta version works
fine for me as well.
This is the same bug as FC6 had here:
I've been forced to upgrade our EL 5 systems Sambas to FC6 versions, to get this
to work now.
The upstream Samba bug was this one:
So why can't you just use the beta as Charles did?
Anyway it will be fixed in 5.1, you should be able to go back to use the RHEL
samba packages then.
There wasn't a beta version when we installed RH5.
The beta is available in the beta channel.
You can subscribe your machine to the beta channel via RHN.