[Samba] Re: samba 3 mandrake rpms...feedback

Tim Jordan timothy_jordan at labor.state.ak.us
Wed Dec 10 02:47:34 GMT 2003 

Samba list please help me...

Do I have to have DES-CBC-MD5 to connect from a windows xp or 2k pc?

I noticed the Official Samba How-To say Samba can use both DES-CBC-MD5 & ARCFOUR-HMAC-MD5.  
The later doesn't seem to work for me.


Mandrake 9.2
samba3.0.1-0.pre3.2.mkd


> [2003/12/09 17:13:20, 3]
> libads/kerberos_verify.c:ads_verify_ticket(325)
>   ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption
> type)
> [2003/12/09 17:13:20, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
>   Failed to verify incoming ticket!
> [2003/12/09 17:13:20, 3] smbd/error.c:error_packet(118)
>   error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
> [2003/12/09 17:13:20, 3] smbd/process.c:timeout_processing(1099)
>   timeout_processing: End of file from client (client has
> disconnected).


This is my klist -e:


> alid starting     Expires            Service principal
> 12/09/03 14:31:15  12/10/03 00:31:47  krbtgt/MYDOMAIN.AK at MYDOMAIN.AK
>         renew until 12/10/03 14:31:15, Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with CRC-32
> 12/09/03 14:32:12  12/10/03 00:31:47  mypdc$@LABOR.AK
>         renew until 12/10/03 14:31:15, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
> 12/09/03 14:32:34  12/10/03 00:31:47  myxpbox$@LABOR.AK
>         renew until 12/10/03 14:31:15, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
> 
> 
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached


I'm going crazy trying to get this to work...
Thank you,
Tim



smb.conf
#======================= Global Settings
=====================================
[global]

# 1. Server Naming Options:
   workgroup = MYDOMAIN
   realm = MYDOMAIN.AK
   server string = Samba Server %v
# 2. Printing Options:
   printcap name = cups
   load printers = yes
   printing = cups
# This should work well for winbind:
  printer admin = @"Domain Admins"

# 3. Logging Options:
   log file = /var/log/samba3/log.%m
   max log size = 50
   log level = 3

# 4. Security and Domain Membership Options:
   security = ads
   password server = IP OF PDC
   encrypt passwords = yes

# 5. Winbind
   winbind uid = 10000-20000
   winbind gid = 10000-20000
   winbind use default domain = yes
   allow trusted domains = no
   template homedir = /home/%D/%U
   obey pam restrictions = yes
   template shell = /bin/bash

# 5. Browser Control and Networking Options:
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   local master = no
   os level = 0
   domain master = no
   preferred master = no

# 6. Domain Control Options:
   domain logons = no
   add user script = /usr/sbin/useradd -s /bin/false '%u'
   idmap uid = 10000-20000
   idmap gid = 10000-20000


# 7. Name Resolution Options:
   name resolve order = wins lmhosts bcast
   wins server = IP OF WINS SERVER
   dns proxy = no 


#============================ Share Definitions
==============================
[homes]
   comment = Home Directories
   browseable = no
   writable = yes

More information about the samba mailing list