[Samba] Samba server joining domain and browsing group shares
Victor Mendez
vmendez at netsystemsinfo.com
Fri Feb 29 04:12:35 GMT 2008
Alex thank you for your support, can you please explain the command below:
Specially the chown I'm not familiar with the syntax you are using. If I try
to apply this to our TEST configuration it does not work we get the following
error:
cuzco:~ # chown 0:"NETSYS\Series" /Series
chown: `0:NETSYS\\Series': invalid group
Being NETSYS = workgroup name
Being Series = group Series defined on the ADS windows PDC
Being /Series = a disk share on the samba machine
> On the server you have to use the chown command and chmod command to give
> the AD group DEP_TEST_MEMBER access on the Linux filesystem:
> chmod g+s /data/grp
> chown 0:"TEST\DEP_TEST_MEMBER" /data/grp
QUESTION: does DEP_TEST_MEMBER is a group defined on the Linux box and on the
ADS. or is only defined on the ADS.?
on my linux TEST box on the /etc/groups there is no "Series" group
on my windows TEST ADS there is a group called "Series" with 4 users
Another thing maybe I have not been clear, from our windows workstations we
want to connect to a share in the Linux box but the user logged in the
workstation does NOT have an account on linux machine he has an account on
the windows ADS PDC.
The following things work on our test environment machines:
- Kerberos configuration see command below:
cuzco:~ # klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: vmendez at NETSYSTEMSINFO.COM
Valid starting Expires Service principal
02/26/08 23:36:17 02/27/08 09:36:53
krbtgt/NETSYSTEMSINFO.COM at NETSYSTEMSINFO.COM
renew until 02/27/08 23:36:17
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
- Joining the Domain see command below:
cuzco:~ # net ads join -U Administrator
Administrator's password:
Using short domain name -- NETSYS
Joined 'CUZCO' to realm 'NETSYSTEMSINFO.COM'
- client connection using ADS user not defined on server. (My brother does not
have an account on the linux box only on the ADS test machine)
cuzco:~ # smbclient -L cuzco -Uamendez
Password:
Domain=[NETSYS] OS=[Unix] Server=[Samba 3.0.26a-3.5-1616-SUSE-SL10.3]
Sharename Type Comment
--------- ---- -------
users Disk All users
print$ Disk Printer Drivers
documentaries Disk Documentaries files
movies Disk Movies media files
series Disk Series media files
IPC$ IPC IPC Service (Linux file server)
lj2600n Printer HP Color LaserJet 2600n
Domain=[NETSYS] OS=[Unix] Server=[Samba 3.0.26a-3.5-1616-SUSE-SL10.3]
Server Comment
--------- -------
AREQUIPA
CUZCO Linux file server
Workgroup Master
--------- -------
NETSYS AREQUIPA
This does not work:
We are on the PDC and we try to browse/connect to any of the shares other than
home on the linux samba box. See attached print.ps image.
This is the debug oputpt of the /var/log/samba/* files, when we attemmpt to
browse/connect to the shares:
02/28/2008 10:40:34 PM libads/kerberos_verify.c ads_keytab_verify_ticket 172
ads_keytab_verify_ticket: krb5_rd_req failed for all 12 matched keytab
principals
02/28/2008 10:40:34 PM libads/kerberos_verify.c ads_keytab_verify_ticket 172
ads_keytab_verify_ticket: krb5_rd_req failed for all 12 matched keytab
principals
02/28/2008 10:40:34 PM libads/kerberos_verify.c ads_keytab_verify_ticket 172
ads_keytab_verify_ticket: krb5_rd_req failed for all 12 matched keytab
principals
02/28/2008 10:40:34 PM libads/kerberos_verify.c ads_keytab_verify_ticket 172
ads_keytab_verify_ticket: krb5_rd_req failed for all 12 matched keytab
principals
02/28/2008 10:40:34 PM libads/kerberos_verify.c ads_keytab_verify_ticket 172
ads_keytab_verify_ticket: krb5_rd_req failed for all 12 matched keytab
principals
02/28/2008 10:40:34 PM libads/kerberos_verify.c ads_keytab_verify_ticket 172
ads_keytab_verify_ticket: krb5_rd_req failed for all 12 matched keytab
principals
02/28/2008 10:40:34 PM libads/kerberos_verify.c ads_secrets_verify_ticket 279
ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt
integrity check failed
02/28/2008 10:40:34 PM libads/kerberos_verify.c ads_secrets_verify_ticket 279
ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt
integrity check failed
02/28/2008 10:40:34 PM libads/kerberos_verify.c ads_secrets_verify_ticket 279
ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt
integrity check failed
02/28/2008 10:40:34 PM libads/kerberos_verify.c ads_secrets_verify_ticket 279
ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt
integrity check failed
02/28/2008 10:40:34 PM libads/kerberos_verify.c ads_secrets_verify_ticket 279
ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt
integrity check failed
02/28/2008 10:40:34 PM libads/kerberos_verify.c ads_secrets_verify_ticket 279
ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt
integrity check failed
02/28/2008 10:40:34 PM libads/kerberos_verify.c ads_verify_ticket 427
ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity check
failed)
02/28/2008 10:40:34 PM libads/kerberos_verify.c ads_verify_ticket 427
ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity check
failed)
02/28/2008 10:40:34 PM libads/kerberos_verify.c ads_verify_ticket 427
ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity check
failed)
02/28/2008 10:40:34 PM libads/kerberos_verify.c ads_verify_ticket 427
ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity check
failed)
02/28/2008 10:40:34 PM libads/kerberos_verify.c ads_verify_ticket 427
ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity check
failed)
02/28/2008 10:40:34 PM libads/kerberos_verify.c ads_verify_ticket 427
ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity check
failed)
02/28/2008 10:40:34 PM lib/util_sid.c string_to_sid 223 string_to_sid: Sid
@NETSYSTEMSINFO.COM\Documentaries does not start with 'S-'.
02/28/2008 10:40:34 PM lib/util_sid.c string_to_sid 223 string_to_sid: Sid
@NETSYSTEMSINFO.COM\Documentaries does not start with 'S-'.
02/28/2008 10:40:34 PM lib/util_sid.c string_to_sid 223 string_to_sid: Sid
@NETSYSTEMSINFO.COM\Documentaries does not start with 'S-'.
02/28/2008 10:40:34 PM lib/util_sid.c string_to_sid 223 string_to_sid: Sid
@NETSYSTEMSINFO.COM\Documentaries does not start with 'S-'.
02/28/2008 10:40:34 PM rpc_server/srv_pipe.c api_pipe_bind_req 1534
api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs
02/28/2008 10:40:34 PM rpc_server/srv_pipe.c api_pipe_bind_req 1534
api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs
02/28/2008 10:40:34 PM rpc_server/srv_pipe.c api_rpcTNP 2265 api_rpcTNP: rpc
command: SRV_NET_SHARE_GET_INFO
02/28/2008 10:40:34 PM rpc_server/srv_pipe.c api_rpcTNP 2265 api_rpcTNP: rpc
command: SRV_NET_SHARE_GET_INFO
02/28/2008 10:40:34 PM rpc_server/srv_pipe.c check_bind_req 985 check_bind_req
for \PIPE\srvsvc
02/28/2008 10:40:34 PM rpc_server/srv_pipe.c check_bind_req 985 check_bind_req
for \PIPE\srvsvc
02/28/2008 10:40:34 PM rpc_server/srv_pipe_hnd.c free_pipe_context 529
free_pipe_context: destroying talloc pool of size 112
02/28/2008 10:40:34 PM rpc_server/srv_pipe_hnd.c free_pipe_context 529
free_pipe_context: destroying talloc pool of size 112
02/28/2008 10:40:34 PM rpc_server/srv_pipe_hnd.c free_pipe_context 529
free_pipe_context: destroying talloc pool of size 71
02/28/2008 10:40:34 PM rpc_server/srv_pipe_hnd.c free_pipe_context 529
free_pipe_context: destroying talloc pool of size 71
02/28/2008 10:40:34 PM smbd/error.c error_packet_set 106 error packet at
smbd/reply.c(514) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
02/28/2008 10:40:34 PM smbd/error.c error_packet_set 106 error packet at
smbd/reply.c(514) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
02/28/2008 10:40:34 PM smbd/error.c error_packet_set 106 error packet at
smbd/reply.c(514) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
02/28/2008 10:40:34 PM smbd/error.c error_packet_set 106 error packet at
smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
02/28/2008 10:40:34 PM smbd/error.c error_packet_set 106 error packet at
smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
02/28/2008 10:40:34 PM smbd/error.c error_packet_set 106 error packet at
smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
02/28/2008 10:40:34 PM smbd/error.c error_packet_set 106 error packet at
smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
02/28/2008 10:40:34 PM smbd/error.c error_packet_set 106 error packet at
smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
02/28/2008 10:40:34 PM smbd/error.c error_packet_set 106 error packet at
smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
02/28/2008 10:40:34 PM smbd/ipc.c api_fd_reply 300 Got API command 0x26 on
pipe "srvsvc" (pnum 72d8)
02/28/2008 10:40:34 PM smbd/ipc.c api_fd_reply 300 Got API command 0x26 on
pipe "srvsvc" (pnum 72d8)
02/28/2008 10:40:34 PM smbd/ipc.c api_fd_reply 300 Got API command 0x26 on
pipe "srvsvc" (pnum 72d9)
02/28/2008 10:40:34 PM smbd/ipc.c api_fd_reply 300 Got API command 0x26 on
pipe "srvsvc" (pnum 72d9)
02/28/2008 10:40:34 PM smbd/ipc.c handle_trans 373 trans <\PIPE\> data=100
params=0 setup=2
02/28/2008 10:40:34 PM smbd/ipc.c handle_trans 373 trans <\PIPE\> data=100
params=0 setup=2
02/28/2008 10:40:34 PM smbd/ipc.c handle_trans 373 trans <\PIPE\> data=72
params=0 setup=2
02/28/2008 10:40:34 PM smbd/ipc.c handle_trans 373 trans <\PIPE\> data=72
params=0 setup=2
02/28/2008 10:40:34 PM smbd/ipc.c named_pipe 340 named pipe command on <> name
02/28/2008 10:40:34 PM smbd/ipc.c named_pipe 340 named pipe command on <> name
02/28/2008 10:40:34 PM smbd/ipc.c named_pipe 340 named pipe command on <> name
02/28/2008 10:40:34 PM smbd/ipc.c named_pipe 340 named pipe command on <> name
02/28/2008 10:40:34 PM smbd/nttrans.c nt_open_pipe 349 nt_open_pipe: Known
pipe srvsvc opening.
02/28/2008 10:40:34 PM smbd/nttrans.c nt_open_pipe 349 nt_open_pipe: Known
pipe srvsvc opening.
02/28/2008 10:40:34 PM smbd/process.c process_smb 1068 Transaction 550 of
length 1378
02/28/2008 10:40:34 PM smbd/process.c process_smb 1068 Transaction 551 of
length 104
02/28/2008 10:40:34 PM smbd/process.c process_smb 1068 Transaction 552 of
length 160
02/28/2008 10:40:34 PM smbd/process.c process_smb 1068 Transaction 553 of
length 188
02/28/2008 10:40:34 PM smbd/process.c process_smb 1068 Transaction 554 of
length 45
02/28/2008 10:40:34 PM smbd/process.c process_smb 1068 Transaction 555 of
length 1378
02/28/2008 10:40:34 PM smbd/process.c process_smb 1068 Transaction 556 of
length 104
02/28/2008 10:40:34 PM smbd/process.c process_smb 1068 Transaction 557 of
length 160
02/28/2008 10:40:34 PM smbd/process.c process_smb 1068 Transaction 558 of
length 188
02/28/2008 10:40:34 PM smbd/process.c process_smb 1068 Transaction 559 of
length 45
02/28/2008 10:40:34 PM smbd/process.c process_smb 1068 Transaction 560 of
length 1378
02/28/2008 10:40:34 PM smbd/process.c process_smb 1068 Transaction 561 of
length 98
02/28/2008 10:40:34 PM smbd/process.c process_smb 1068 Transaction 562 of
length 1378
02/28/2008 10:40:34 PM smbd/process.c process_smb 1068 Transaction 563 of
length 98
02/28/2008 10:40:34 PM smbd/process.c process_smb 1068 Transaction 564 of
length 1378
02/28/2008 10:40:34 PM smbd/process.c process_smb 1068 Transaction 565 of
length 98
02/28/2008 10:40:34 PM smbd/process.c process_smb 1068 Transaction 566 of
length 1378
02/28/2008 10:40:34 PM smbd/process.c process_smb 1068 Transaction 567 of
length 98
02/28/2008 10:40:34 PM smbd/process.c switch_message 926 switch message
SMBclose (pid 14489) conn 0x80451378
02/28/2008 10:40:34 PM smbd/process.c switch_message 926 switch message
SMBclose (pid 14489) conn 0x80451378
02/28/2008 10:40:34 PM smbd/process.c switch_message 926 switch message
SMBntcreateX (pid 14489) conn 0x80451378
02/28/2008 10:40:34 PM smbd/process.c switch_message 926 switch message
SMBntcreateX (pid 14489) conn 0x80451378
02/28/2008 10:40:34 PM smbd/process.c switch_message 926 switch message
SMBsesssetupX (pid 14489) conn 0x0
02/28/2008 10:40:34 PM smbd/process.c switch_message 926 switch message
SMBsesssetupX (pid 14489) conn 0x0
02/28/2008 10:40:34 PM smbd/process.c switch_message 926 switch message
SMBsesssetupX (pid 14489) conn 0x0
02/28/2008 10:40:34 PM smbd/process.c switch_message 926 switch message
SMBsesssetupX (pid 14489) conn 0x0
02/28/2008 10:40:34 PM smbd/process.c switch_message 926 switch message
SMBsesssetupX (pid 14489) conn 0x0
02/28/2008 10:40:34 PM smbd/process.c switch_message 926 switch message
SMBsesssetupX (pid 14489) conn 0x0
02/28/2008 10:40:34 PM smbd/process.c switch_message 926 switch message
SMBtconX (pid 14489) conn 0x0
02/28/2008 10:40:34 PM smbd/process.c switch_message 926 switch message
SMBtconX (pid 14489) conn 0x0
02/28/2008 10:40:34 PM smbd/process.c switch_message 926 switch message
SMBtconX (pid 14489) conn 0x0
02/28/2008 10:40:34 PM smbd/process.c switch_message 926 switch message
SMBtconX (pid 14489) conn 0x0
02/28/2008 10:40:34 PM smbd/process.c switch_message 926 switch message
SMBtrans (pid 14489) conn 0x80451378
02/28/2008 10:40:34 PM smbd/process.c switch_message 926 switch message
SMBtrans (pid 14489) conn 0x80451378
02/28/2008 10:40:34 PM smbd/process.c switch_message 926 switch message
SMBtrans (pid 14489) conn 0x80451378
02/28/2008 10:40:34 PM smbd/process.c switch_message 926 switch message
SMBtrans (pid 14489) conn 0x80451378
02/28/2008 10:40:34 PM smbd/sec_ctx.c pop_sec_ctx 356 pop_sec_ctx (0, 0) -
sec_ctx_stack_ndx = 0
02/28/2008 10:40:34 PM smbd/sec_ctx.c pop_sec_ctx 356 pop_sec_ctx (0, 0) -
sec_ctx_stack_ndx = 0
02/28/2008 10:40:34 PM smbd/sec_ctx.c pop_sec_ctx 356 pop_sec_ctx (0, 0) -
sec_ctx_stack_ndx = 0
02/28/2008 10:40:34 PM smbd/sec_ctx.c pop_sec_ctx 356 pop_sec_ctx (0, 0) -
sec_ctx_stack_ndx = 0
02/28/2008 10:40:34 PM smbd/sec_ctx.c push_sec_ctx 208 push_sec_ctx(0, 0) :
sec_ctx_stack_ndx = 1
02/28/2008 10:40:34 PM smbd/sec_ctx.c push_sec_ctx 208 push_sec_ctx(0, 0) :
sec_ctx_stack_ndx = 1
02/28/2008 10:40:34 PM smbd/sec_ctx.c push_sec_ctx 208 push_sec_ctx(0, 0) :
sec_ctx_stack_ndx = 1
02/28/2008 10:40:34 PM smbd/sec_ctx.c push_sec_ctx 208 push_sec_ctx(0, 0) :
sec_ctx_stack_ndx = 1
02/28/2008 10:40:34 PM smbd/sec_ctx.c set_sec_ctx 241 setting sec ctx (0, 0) -
sec_ctx_stack_ndx = 0
02/28/2008 10:40:34 PM smbd/sec_ctx.c set_sec_ctx 241 setting sec ctx (0, 0) -
sec_ctx_stack_ndx = 0
02/28/2008 10:40:34 PM smbd/sec_ctx.c set_sec_ctx 241 setting sec ctx (0, 0) -
sec_ctx_stack_ndx = 0
02/28/2008 10:40:34 PM smbd/sec_ctx.c set_sec_ctx 241 setting sec ctx (0, 0) -
sec_ctx_stack_ndx = 0
02/28/2008 10:40:34 PM smbd/sec_ctx.c set_sec_ctx 241 setting sec ctx (0, 0) -
sec_ctx_stack_ndx = 0
02/28/2008 10:40:34 PM smbd/sec_ctx.c set_sec_ctx 241 setting sec ctx (0, 0) -
sec_ctx_stack_ndx = 0
02/28/2008 10:40:34 PM smbd/sec_ctx.c set_sec_ctx 241 setting sec ctx (0, 0) -
sec_ctx_stack_ndx = 0
02/28/2008 10:40:34 PM smbd/sec_ctx.c set_sec_ctx 241 setting sec ctx (0, 0) -
sec_ctx_stack_ndx = 0
02/28/2008 10:40:34 PM smbd/sec_ctx.c set_sec_ctx 241 setting sec ctx (0, 0) -
sec_ctx_stack_ndx = 0
02/28/2008 10:40:34 PM smbd/sec_ctx.c set_sec_ctx 241 setting sec ctx (0, 0) -
sec_ctx_stack_ndx = 0
02/28/2008 10:40:34 PM smbd/sec_ctx.c set_sec_ctx 241 setting sec ctx (0, 0) -
sec_ctx_stack_ndx = 1
02/28/2008 10:40:34 PM smbd/sec_ctx.c set_sec_ctx 241 setting sec ctx (0, 0) -
sec_ctx_stack_ndx = 1
02/28/2008 10:40:34 PM smbd/sec_ctx.c set_sec_ctx 241 setting sec ctx (0, 0) -
sec_ctx_stack_ndx = 1
02/28/2008 10:40:34 PM smbd/sec_ctx.c set_sec_ctx 241 setting sec ctx (0, 0) -
sec_ctx_stack_ndx = 1
02/28/2008 10:40:34 PM smbd/sec_ctx.c set_sec_ctx 241 setting sec ctx (1000,
100) - sec_ctx_stack_ndx = 0
02/28/2008 10:40:34 PM smbd/sec_ctx.c set_sec_ctx 241 setting sec ctx (1000,
100) - sec_ctx_stack_ndx = 0
02/28/2008 10:40:34 PM smbd/service.c make_connection_snum 616 user 'vmendez'
(from session setup) not permitted to access this share (documentaries)
02/28/2008 10:40:34 PM smbd/service.c make_connection_snum 616 user 'vmendez'
(from session setup) not permitted to access this share (documentaries)
02/28/2008 10:40:34 PM smbd/service.c make_connection_snum 616 user 'vmendez'
(from session setup) not permitted to access this share (documentaries)
02/28/2008 10:40:34 PM smbd/service.c make_connection_snum 616 user 'vmendez'
(from session setup) not permitted to access this share (documentaries)
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_sesssetup_and_X 1244 wct=12
flg2=0xc807
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_sesssetup_and_X 1244 wct=12
flg2=0xc807
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_sesssetup_and_X 1244 wct=12
flg2=0xc807
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_sesssetup_and_X 1244 wct=12
flg2=0xc807
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_sesssetup_and_X 1244 wct=12
flg2=0xc807
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_sesssetup_and_X 1244 wct=12
flg2=0xc807
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_sesssetup_and_X_spnego 1029
Doing spnego session setup
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_sesssetup_and_X_spnego 1029
Doing spnego session setup
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_sesssetup_and_X_spnego 1029
Doing spnego session setup
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_sesssetup_and_X_spnego 1029
Doing spnego session setup
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_sesssetup_and_X_spnego 1029
Doing spnego session setup
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_sesssetup_and_X_spnego 1029
Doing spnego session setup
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_sesssetup_and_X_spnego 1060
NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[]
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_sesssetup_and_X_spnego 1060
NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[]
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_sesssetup_and_X_spnego 1060
NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[]
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_sesssetup_and_X_spnego 1060
NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[]
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_sesssetup_and_X_spnego 1060
NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[]
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_sesssetup_and_X_spnego 1060
NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[]
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_spnego_kerberos 316 Failed to
verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_spnego_kerberos 316 Failed to
verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_spnego_kerberos 316 Failed to
verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_spnego_kerberos 316 Failed to
verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_spnego_kerberos 316 Failed to
verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_spnego_kerberos 316 Failed to
verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_spnego_negotiate 697
reply_spnego_negotiate: Got secblob of size 1176
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_spnego_negotiate 697
reply_spnego_negotiate: Got secblob of size 1176
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_spnego_negotiate 697
reply_spnego_negotiate: Got secblob of size 1176
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_spnego_negotiate 697
reply_spnego_negotiate: Got secblob of size 1176
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_spnego_negotiate 697
reply_spnego_negotiate: Got secblob of size 1176
02/28/2008 10:40:34 PM smbd/sesssetup.c reply_spnego_negotiate 697
reply_spnego_negotiate: Got secblob of size 1176
02/28/2008 10:40:34 PM smbd/uid.c push_conn_ctx 358 push_conn_ctx(0) :
conn_ctx_stack_ndx = 0
02/28/2008 10:40:34 PM smbd/uid.c push_conn_ctx 358 push_conn_ctx(0) :
conn_ctx_stack_ndx = 0
02/28/2008 10:40:34 PM smbd/uid.c push_conn_ctx 358 push_conn_ctx(0) :
conn_ctx_stack_ndx = 0
02/28/2008 10:40:34 PM smbd/uid.c push_conn_ctx 358 push_conn_ctx(0) :
conn_ctx_stack_ndx = 0
02/28/2008 10:40:47 PM libads/kerberos_verify.c ads_keytab_verify_ticket 172
ads_keytab_verify_ticket: krb5_rd_req failed for all 12 matched keytab
principals
02/28/2008 10:40:47 PM libads/kerberos_verify.c ads_secrets_verify_ticket 279
ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt
integrity check failed
02/28/2008 10:40:47 PM libads/kerberos_verify.c ads_verify_ticket 427
ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity check
failed)
02/28/2008 10:40:47 PM smbd/process.c process_smb 1068 Transaction 568 of
length 1378
02/28/2008 10:40:47 PM smbd/process.c switch_message 926 switch message
SMBsesssetupX (pid 14489) conn 0x0
02/28/2008 10:40:47 PM smbd/sec_ctx.c set_sec_ctx 241 setting sec ctx (0, 0) -
sec_ctx_stack_ndx = 0
02/28/2008 10:40:47 PM smbd/sesssetup.c reply_sesssetup_and_X 1244 wct=12
flg2=0xc807
02/28/2008 10:40:47 PM smbd/sesssetup.c reply_sesssetup_and_X_spnego 1029
Doing spnego session setup
02/28/2008 10:40:47 PM smbd/sesssetup.c reply_sesssetup_and_X_spnego 1060
NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[]
02/28/2008 10:40:47 PM smbd/sesssetup.c reply_spnego_kerberos 316 Failed to
verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
02/28/2008 10:40:47 PM smbd/sesssetup.c reply_spnego_negotiate 697
reply_spnego_negotiate: Got secblob of size 1176
We have adjusted the /etc/samba/smb.conf file to match your sample file
config. Here I include a copy:
.[global]
workgroup = NETSYS
realm = NETSYSTEMSINFO.COM
preferred master = no
server string = Linux file server
security = ADS
encrypt passwords = yes
log level = 3
printcap name = cups
printing = cups
cups options = raw
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nested groups = no
winbind separator = +
map to guest = Bad User
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
#security = user
add machine script = /usr/sbin/useradd -c
Machine -d /var/lib/nobody -s
/bin/false %m$
domain logons = No
domain master = No
netbios name = cuzco
usershare allow guests = No
use kerberos keytab = true
idmap gid = 10000-20000
idmap uid = 10000-20000
template homedir = /home/%D/%U
#winbind refresh tickets = yes
password server = arequipa.netsystemsinfo.com
winbind cache time = 600
allow trusted domains = yes
oplocks = no
level2oplocks = no
enable privileges = yes
host msdfs = no
msdfs root = no
strict locking = yes
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775
[documentaries]
comment = Documentaries files
#inherit acls = Yes
inherit permissions = Yes
path = /Documentaries
read only = No
valid users = @NETSYSTEMSINFO.COM\Documentaries
[movies]
comment = Movies media files
#inherit acls = Yes
inherit permissions = Yes
path = /Movies
read only = No
valid users = @NETSYSTEMSINFO.COM\Movies
[series]
comment = Series media files
#inherit acls = Yes
inherit permissions = Yes
path = /Series
read only = No
valid users = @NETSYSTEMSINFO.COM\Series
hide unreadable =yes
This is all the info I can provide.Thank you for your support.
Victor
More information about the samba
mailing list