- 03-21-2005 #1 Just Joined! (Join Date: Feb 2005, Posts: 1)
samba ldap winbindd kerberos with active directory errors
My problem consists of Samba + Winbindd + Ldap + Kerberos not
authenticating with Active Directory. For example, if I do 'smbclient -L
localhost -U username%password(active directory account)' I get
NT_STATUS_LOGIN_FAILURE. I've debugged for quite some time trying to
pinpoint some sort of configuration that needs to be changed or added.
In my experience I think the problem resolves at ldap, but I cannot find
anything. I can do a kerberos successfully (kinit), wbinfo
successfully (wbinfo -u), join the domain successfully (net ads join), a
ldapsearch successfully (ldapsearch -h host.domain.com). The
smb.conf, krb5.conf configs were pulled from other older but stable Linux
servers and were modified for each server.
I see a lot of folks posting similar problems relating to OpenLDAP but
cannot seem to relate exactly what I'm experiencing. I'm stumped.
The thing that is really throwing me is that I seem to be able in some
odd way to authenticate to my active directory accounts using the
smbclient command, I just can't do it unless an account with the same
name exists on my BSD box.
I ran the following test:
1) created a user named smbuser with the password "password"
2) placed the user in the mitsadmin group to give access to the share
3) tried an smbclient -L localhost -Usmbuser, the error returned was:
#####################################
session setup failed: NT_STATUS_LOGON_FAILURE
#####################################
4) I then created an account smbuser with the password "diffpass"
5) tried an smbclient -L localhost -Usmbuser again, this time with the AD
passwd "password" and got:
#####################################
Domain=[TECH] OS=[Unix] Server=[Samba 3.0.11]

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (FreeBSD Samba Server)
        ADMIN$          IPC       IPC Service (FreeBSD Samba Server)
Domain=[TECH] OS=[Unix] Server=[Samba 3.0.11]

        Server               Comment
        ---------            -------
        CDSRV4               FreeBSD Samba Server
        ADC3

        Workgroup            Master
        ---------            -------
        TECH                 ADC3
#####################################
6) tried an smbclient -L localhost -Usmbuser again, this time with the unix
passwd "diffpass" and got:
session setup failed: NT_STATUS_LOGON_FAILURE
It seems there may be some intermediate step before the AD lookup that
may be holding up authentication.
The error message in my log file is as follows
#####################################
[2005/03/21 14:53:37, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password: Checking password for unmapped user [TECH]\[smbuser]@[CDSRV4] with the new password interface
[2005/03/21 14:53:37, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password: mapped user is: [TECH]\[smbuser]@[CDSRV4]
[2005/03/21 14:53:37, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/03/21 14:53:37, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/03/21 14:53:37, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/03/21 14:53:37, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/03/21 14:53:37, 3] auth/auth_util.c:make_server_info_info3(1156)
  User smbuser does not exist, trying to add it
[2005/03/21 14:53:37, 0] auth/auth_util.c:make_server_info_info3(1163)
  make_server_info_info3: pdb_init_sam failed!
[2005/03/21 14:53:37, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password: Authentication for user [smbuser] -> [smbuser] FAILED with error NT_STATUS_NO_SUCH_USER
[2005/03/21 14:53:37, 3] smbd/process.c:timeout_processing(1334)
  timeout_processing: End of file from client (client has disconnected).
[2005/03/21 14:53:37, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/03/21 14:53:37, 2] smbd/server.c:exit_server(609)
  Closing connections
[2005/03/21 14:53:37, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2005/03/21 14:53:37, 3] smbd/server.c:exit_server(652)
  Server exit (normal exit)
#####################################
Versions of packages installed:
samba-3.0.11.tar.gz
openldap-2.2.24.tgz
freebsd-5.3-RELEASE-i386
heimdal-0.6.1(kerberos)
*compiled samba with ldap,winbindd,krb5
Configuration Files:
smb.conf
#####################################
[global]
workgroup = TECH
netbios name = SERVER3
realm = host.domain.com
security = ads
encrypt passwords = yes
password server = server.host.domain.com
wins server = server.host.domain.com
name resolve order = lmhosts host wins bcast
log file = /var/log/samba/%m.log
server string = FreeBSD Samba Server
log level = 10
allow trusted domains = No
winbind use default domain = yes
winbind trusted domains only = No
winbind cache time = 10
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/sh
template homedir = /home/%D/%U
idmap uid = 10000-50000
idmap gid = 10000-20000
#============================ Share Definitions ==============================
#Used for reimaging labs
[IMAGES]
comment = Ghost Images
path = /data/pub/images
browseable = no
read only = no
write list = @mitsadmin
read list = @techs, ghost
#####################################
krb5.conf
#####################################
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = HOST.DOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
HOST.DOMAIN.COM = {
kdc = server.host.domain.com:88
admin_server = server.host.domain.com:749
default_domain = host.domain.com
}
[domain_realm]
.host.domain.com = HOST.DOMAIN.COM
host.domain.com = HOST.DOMAIN.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
#####################################
nsswitch.conf
#####################################
passwd: files winbind
group: files winbind
hosts: files dns
#####################################
- 03-08-2007 #2
same problem with me
Hi,
My problem is exactly like yours, and I've been working on this for weeks now. I'm just new with Linux and new with this company. Any solution for this problem? Thank you very much
Reymark


