inconsistent drive mappings + many other errors

Grimes, David david.grimes at
Thu Jul 15 17:23:13 GMT 2004

Thanks for the reply. 
AD server and samba box are running off the same time server and have a
precision of 12 usecs. Do you suggest the Kerberos problem is between the
samba and AD box or between the client and the samba box? If it were the
samba and AD I would assume all auth attempts would fail not just those from
2000 clients. I'm also not so sure that there is any Kerberos done between
the client and the samba server... please correct me if I am wrong. 
Also if there is ANY other info that I should provide to help in diagnosing
these please let me know.
As far as the network hardware, the few machines that are using the samba box
are new Dells with Intel GbE cards and a brand spankin' new Cisco 5600.
Anyhow, I appreciate the response. I've included krb5.conf below; are these
encryption settings correct?

 ticket_lifetime = 24000
 default_realm = BELOCORP.COM
 dns_lookup_realm = true
 dns_lookup_kdc = true
 default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
 default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc

-----Original Message-----
From: Jeremy Allison [mailto:jra at] 
Sent: Thursday, July 15, 2004 12:09 PM
To: Grimes, David
Cc: samba-technical at
Subject: Re: inconsistent drive mappings + many other errors

On Thu, Jul 15, 2004 at 11:34:17AM -0500, Grimes, David wrote:
> I have searched the web and mailing lists for a couple weeks on this one
> have come up empty-handed on this one, I appreciate any thoughts or
> insights. Or ideas. Or suggestions. Or comments. Empathy is welcome....
> We have recently migrated to a 2003 AD and I have been tasked with
> upgrading the samba servers to 3.0. I've received new hardware (Dell 2650)
> and slapped ES 3.0 with all the latest updates. As it stands we have
> with 2000 machines being unable to access shares (authentication fails)
> using the UNC. They can however open the share and authenticate
> by IP. If I tail the log on the samba server I get these errors....
> [2004/07/15 10:21:52, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
>   Failed to verify incoming ticket!

Ok, you have a kerberos problem. Common problems here are wrong enc type,
and clock skew. Not enough info in this message to diagnose.

> Users on XP don't exhibit this problem. However, we all have an
> problem getting a drive mapped on log in. Sometimes it just doesn't show
> If we log out and back in then the drive gets mapped. Tailing the logs
> shows this error in /var/log/messages..
> Jul 15 11:16:17 bifs2 pam_winbind[19990]: user 'ADDOMAIN+aduser' granted
> acces
> Jul 15 11:16:17 bifs2 pam_winbind[19990]: pam_parse: unknown option;
> service=system-auth
> Jul 15 11:16:52 bifs2 smbd[19991]: [2004/07/15 11:16:52, 0]
> lib/util_sock.c:get_peer_addr(952) 
> Jul 15 11:16:52 bifs2 smbd[19991]:   getpeername failed. Error was
> endpoint is not connected 
> Jul 15 11:16:52 bifs2 smbd[19991]: [2004/07/15 11:16:52, 0]
> lib/util_sock.c:write_socket_data(388) 
> Jul 15 11:16:52 bifs2 smbd[19991]:   write_socket_data: write failure.
> = Connection reset by peer 

Looks like clients dropping connections. Check your network hardware.
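
Added example, not part of the thread and not Samba code: a small check for the two causes named in the reply above (wrong enc type, clock skew), run against the krb5.conf lines as posted. The supported-enctype set for a Windows Server 2003 KDC and the 300-second skew limit are assumptions of this example, and the function names are illustrative.

```python
import re

# Assumption (not stated in the thread): a Windows Server 2003 KDC issues
# tickets only with RC4-HMAC or single-DES enctypes.
AD2003_ENCTYPES = {"rc4-hmac", "arcfour-hmac", "arcfour-hmac-md5",
                   "des-cbc-crc", "des-cbc-md5"}
MAX_SKEW_SECONDS = 300  # default Kerberos clock-skew tolerance (5 minutes)

# The krb5.conf lines as posted in the message above.
POSTED_CONF = """\
 ticket_lifetime = 24000
 default_realm = BELOCORP.COM
 dns_lookup_realm = true
 dns_lookup_kdc = true
 default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
 default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
"""

def parse_enctypes(conf_text):
    """Return {setting: [enctype, ...]} for every *_enctypes line."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # krb5.conf comment lines
            continue
        m = re.match(r"(\w+_enctypes)\s*=\s*(.+)$", line)
        if m:
            found[m.group(1)] = re.split(r"[,\s]+", m.group(2).strip())
    return found

def check_enctypes(conf_text, kdc_supported=AD2003_ENCTYPES):
    """Split each configured list into enctypes the KDC can and cannot use."""
    report = {}
    for setting, types in parse_enctypes(conf_text).items():
        report[setting] = {
            "usable": [t for t in types if t.lower() in kdc_supported],
            "unusable": [t for t in types if t.lower() not in kdc_supported],
        }
    return report

def skew_ok(host_epoch, kdc_epoch, limit=MAX_SKEW_SECONDS):
    """True when two clocks are within the Kerberos skew tolerance."""
    return abs(host_epoch - kdc_epoch) <= limit

if __name__ == "__main__":
    for setting, result in check_enctypes(POSTED_CONF).items():
        print(setting, result)
    print("skew ok:", skew_ok(1089912193, 1089912193 + 12))
```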
