[Samba] Bizarre bug

Dan Rowles d.rowles at outcometechnologies.com
Fri Dec 5 22:16:13 GMT 2003


Hi there,

I'm running Debian 3.0, Samba version 3.0.0-Debian, on a dual-k7 system.

I have set up Samba and Winbind, and joined my samba server (called
"anna") to our domain. wbinfo -u returns me a list of users in the
domain. kinit allows me to fetch kerberos tickets, and smbclient -k
//pds/sharename connects just fine.

When I try to connect to the samba server from the PDC (or from any
windows machine), the connect fails. On the samba server, I see a log
message stating that

smbd/sesssetup.c:reply_spnego_kerberos(172) 
  Failed to verify incoming ticket!

Now, the odd thing about this is that, if I connect to the server by IP
address (\\123.123.123.123), then it works fine. Also, if I set up an
entry in my smb.conf file to say "netbios name = anna2", then connecting
to this server also works fine.

I'm guessing that all of this is telling me that my kerberos config is
broken in some way (I'm assuming that connecting under an alternate name
means that the kerberos credentials don't get sent). I've therefore
focused my efforts on fixing my kerberos configuration.

I have tried following the procedure at
http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp
to manually create a keytab file, and installed that under
/etc/krb5.keytab. I've tried all possible variations on the hostname I
can think of, including "host/anna@REALM", "host/anna$@REALM",
"host/anna.DOMAIN.NAME@REALM", "anna$@REALM", and none of these have
made any difference. I've checked the clock synchronisation.

I should also point out that, as far as I can tell, the Debian version
of Samba 3.0 has not been compiled with LDAP support (ldap server =
produces an error if included in the config file). Is this the problem -
or should I still be able to get it to work?

Any help / pointers / ideas gratefully received.

Thanks,

Dan

