samba 3.0.4/linux spnego problem with w2003
Pitrich, Karl
karl.pitrich at fabasoft.com
Thu Jul 8 14:55:24 GMT 2004
hi,
i configured a samba 3.0.4 server to be a member server of a
windows 2003 active directory domain.
kerberos is configured properly, as kinit works and i am able to get a
ticket for the domain users in ActiveDirectory, which also exist as
local users without a password. (i can pam_krb-login against the AD
domain)
with samba, however, spnego authentication seems not to work:
/var/log/samba/log.vmdc
[2004/07/08 16:46:49, 2] smbd/sesssetup.c:setup_new_vc_session(602)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would
close all old resources.
[2004/07/08 16:46:49, 1] smbd/sesssetup.c:reply_spnego_kerberos(174)
Failed to verify incoming ticket!
and:
smbclient //vmdc/c$ -k
krb5_get_credentials failed for vmdc$@VMDOM.LOCAL (Unknown error
2529638953)
spnego_gen_negTokenTarg failed: Unknown error 2529638953
session setup failed: NT_STATUS_OK
i did a 'net ads join' and a 'net rpc join'.
my 'samba setup procedure' works for me(tm) against a windows2000 domain
controller with active directory.
is there some 'secret' setting on w2003?
thanks for hints & tips,
/ karl
samba config:
[global]
workgroup = VMDOM
realm = VMDOM.LOCAL
server string = vmsamba
idmap uid = 10000-65000
idmap gid = 10000-65000
allow trusted domains = yes
hosts allow = 192.168.100. 127.
security = ADS
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
[homes]
comment = Home Directory
browseable = no
writable = yes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040708/3c30dbf9/attachment.bin
More information about the samba-technical
mailing list