samba 3.0.4/linux spnego problem with w2003

Pitrich, Karl karl.pitrich at
Thu Jul 8 14:55:24 GMT 2004


i configured a samba 3.0.4 server to be a member server of a
windows 2003 active directory domain.

kerberos is configured properly, as kinit works and i am able to get a
ticket for the domain users in ActiveDirectory, which also exist as
local users without a password. (i can pam_krb-login against the AD

with samba, however, spnego authentication seems not to work:

  [2004/07/08 16:46:49, 2] smbd/sesssetup.c:setup_new_vc_session(602)
    setup_new_vc_session: New VC == 0, if NT4.x compatible we would
    close all old resources.
  [2004/07/08 16:46:49, 1] smbd/sesssetup.c:reply_spnego_kerberos(174)
    Failed to verify incoming ticket!


smbclient //vmdc/c$ -k
krb5_get_credentials failed for vmdc$@VMDOM.LOCAL (Unknown error
spnego_gen_negTokenTarg failed: Unknown error 2529638953
session setup failed: NT_STATUS_OK

i did a 'net ads join' and a 'net rpc join'.

my 'samba setup procedure' works for me(tm) against a windows2000 domain
controller with active directory.

is there some 'secret' setting on w2003?

thanks for hints & tips,

 / karl

samba config:


   workgroup = VMDOM
   realm = VMDOM.LOCAL
   server string = vmsamba

   idmap uid = 10000-65000
   idmap gid = 10000-65000

   allow trusted domains = yes
   hosts allow = 192.168.100. 127.
   security = ADS
   encrypt passwords = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

   comment = Home Directory
   browseable = no
   writable = yes

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list