[Samba] s3 connect to s4 ads woes, need guidance..
Aaron E.
ssureshot at gmail.com
Fri May 11 09:27:50 MDT 2012
I hadn't had a chance to get back to the list on this one..
Indeed, this was the reason it was failing. I added this so it would
create the keytab for me and assumed this should work.. I'll just use
"net rpc keytab create" from now on..
I was experiencing one issue that I couldn't connect to the share via
\\name so I strayed away from the keytab being the problem as it did
work to some degree..
Thanks for the reply and keep up the good work Andrew!!
On 05/10/2012 06:54 PM, Andrew Bartlett wrote:
> On Wed, 2012-05-09 at 09:37 -0400, Aaron E. wrote:
>> The problem came right back after I posted that it was fixed after being
>> compiled... I've been doing much more troubleshooting trial and error
>> with options in smb.conf.. Here is a debug of the machine..
>>
>> Machine Details Samba4 Domain,, Samba3 Print server, Windows 2008 R2
>
>> [2012/05/09 09:18:56, 0]
>> libads/kerberos_verify.c:72(ads_dedicated_keytab_verify_ticket)
>> krb5_rd_req failed (Wrong principal in request)
>> [2012/05/09 09:18:56, 3] libads/kerberos_verify.c:568(ads_verify_ticket)
>> ads_verify_ticket: krb5_rd_req with auth failed (Wrong principal in
>> request)
>
> My suggestion is to remove any non-default setting for 'kerberos method'
> and rejoin. My guess is that you are connecting under a different name
> to that stored in the system-wide /etc/krb5.keytab. Our default method
> copes with this.
>
> Andrew Bartlett
>
More information about the samba
mailing list