[Samba 4] Access to GPO failed
Andrew Bartlett
abartlet at samba.org
Fri Dec 12 03:39:21 GMT 2008
On Fri, 2008-12-12 at 09:53 +0700, Son Nguyen wrote:
> Son Nguyen wrote:
> > Volker Lendecke wrote:
> >> On Wed, Dec 10, 2008 at 10:11:31AM -0500, Wes Deviers wrote:
> >>
> >>> I haven't said anything or really tracked down much on the behavior;
> >>> I've assumed lots of people are using recent SVN pulls with
> >>> everything working
> >>
> >> You really mean SVN? We switched to git months ago. See
> >> http://us6.samba.org/samba/devel/ and
> >> http://wiki.samba.org/index.php/Samba4/HOWTO for info how to
> >> get the latest code.
> >>
> >> Volker
> >>
> > I've duplicated this error today with the new version from GIT.
> > #define SAMBA_VERSION_GIT_COMMIT_DATE "Wed Dec 10 17:03:53 2008 -0800"
> > #define SAMBA_VERSION_OFFICIAL_STRING "4.0.0alpha6-GIT-d7d525b"
> >
> > Are there some body have experience in working with Samba4 GPOs?
> > Please give me your ideas about this error.
> > I also favorite in deploy samba4 with ldap backend (OpenLDAP, or
> > CentDS). I try to follow document from Samba Wiki but there are some
> > error when I provision Samba4. Please let me know if you have other
> > document.
> >
> > Thank a lot,
> > Son Nguyen
> >
> Hi all,
> After reading samba log file and network capture file, I think that
> this error is related with KRB5.
>
> * Log file: Kerberos: Failed building TGS-REP to 192.168.9.131
> * Capture file: KRB Error: KRB5KDC_ERR_S_PRINCIPAL_UNKNOW (packet
> number 46)
I think this is a very reasonable conclusion. The cases where this has
worked are probably those where the CIFS connection is already up, so
re-authentication is not required.
The challenge is: Which host should this principal (cifs/my.realm)
point to? Or do all the hosts share a 'realm password' (perhaps the
krbtgt password?) to decrypt such a ticket?
I'll ask for clarification from Microsoft (unless someone here already
knows)
Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20081212/da71607d/attachment.bin
More information about the samba-technical
mailing list