[Samba] Cannot access shares from a Win2k client

Brian Spiegel BSpiegel at Matchnet.com
Fri Dec 19 22:52:55 GMT 2003

Hey all.

I'm running Samba 3.0.1 as a domain member in a Win2k3 ADS domain.  I'm
attempting to view shares on the samba server via a Win2000 client.

I've been getting the following messages from the smbd logs and I'm
wondering why.  I can connect to the Samba server (using the IP only) to
view which shares are available, but when I double click the share to access
it, I get a "network name cannot be found" on the share.

From smbd log:
[2003/12/19 14:25:08, 3] libads/kerberos_verify.c:setup_keytab(147)
  unable to create MEMORY: keytab (Unknown Key table type)
[2003/12/19 14:25:08, 3] libads/kerberos_verify.c:ads_verify_ticket(280)
  ads_verify_ticket: unable to setup keytab
[2003/12/19 14:25:08, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
  Failed to verify incoming ticket!

Can anyone shed some light on what this might be caused by?

Also, I'm running winbind for UNIX/Windows user/group mapping.  The 'wbinfo
-u' command works, but it spits out only the user names rather than
DOMAIN\username.  Since usernames aren't unique across our OSes, 'getent
passwd' results in duplicate entries.  Groups are not prefixed by their
domain either.  Anyone have this problem?

Below are my configs:

[global]
; smbd settings
    log level = 3
    log file = /var/log/samba/log.%m
    server string = %U [Samba Server %v]
; Active Directory settings
;    dns proxy = yes
    workgroup = FOO
    security = ADS
    realm = FOO.COM
    local master = no
    domain master = no
    preferred master = no
    os level = 0
; winbind stuff
    winbind separator = +
    winbind enum users = yes
    idmap uid = 10000-20000
    winbind enum groups = yes
    idmap gid = 10000-20000
    winbind use default domain = yes
    password server = dc.foo.com
    encrypt passwords = yes

    comment = Samba functionality test directory
    path = /home/user/test/
    read only = no
    browsable = yes
    writable = yes
    guest ok = yes

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = FOO.COM
 default_tgs_enctypes = des-cbc-crc des-cbc-md5
 default_tkt_enctypes = des-cbc-crc des-cbc-md5
 dns_lookup_realm = true
 dns_lookup_kdc = true

[realms]
  FOO.COM = {
  kdc = dc.foo.com:88
  admin_server = dc.foo.com:749
  default_domain = foo.com
  }

[domain_realm]
 .foo.com = FOO.COM
 foo.com = FOO.COM

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

 passwd:     files winbind
 shadow:     files
 group:      files winbind
 host:       files dns winbind
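
Added example, not part of the original post and not Samba project code: a small Python parser for the two-line smbd log format quoted above, which pairs each rejected Kerberos ticket with the libads messages logged immediately before it. The function names and the first sample record are assumptions made for this illustration.

```python
import re

# Constructed sample: the three records quoted in the post, preceded by one
# unrelated record invented here to show that it is not pulled into the chain.
SAMPLE_LOG = """\
[2003/12/19 14:25:07, 3] smbd/process.c:process_smb(890)
  Transaction 4 of length 1326
[2003/12/19 14:25:08, 3] libads/kerberos_verify.c:setup_keytab(147)
  unable to create MEMORY: keytab (Unknown Key table type)
[2003/12/19 14:25:08, 3] libads/kerberos_verify.c:ads_verify_ticket(280)
  ads_verify_ticket: unable to setup keytab
[2003/12/19 14:25:08, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
  Failed to verify incoming ticket!
"""

HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>[^:\s]+):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)

def parse_records(text):
    """Join each '[timestamp, level] file:func(line)' header with its indented message lines."""
    records = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            records.append({**m.groupdict(), "msg": []})
        elif records and raw.strip():
            records[-1]["msg"].append(raw.strip())
    return [{**r, "level": int(r["level"]), "msg": " ".join(r["msg"])} for r in records]

def kerberos_failures(records):
    """For each rejected ticket, collect the libads/ records logged just before it in the same second."""
    out = []
    for i, rec in enumerate(records):
        if rec["func"] != "reply_spnego_kerberos" or "Failed to verify" not in rec["msg"]:
            continue
        chain, j = [], i - 1
        while j >= 0 and records[j]["ts"] == rec["ts"] and records[j]["src"].startswith("libads/"):
            chain.insert(0, f'{records[j]["func"]}: {records[j]["msg"]}')
            j -= 1
        out.append({"ts": rec["ts"], "causes": chain})
    return out

if __name__ == "__main__":
    for f in kerberos_failures(parse_records(SAMPLE_LOG)):
        print(f["ts"], "ticket rejected; preceding libads messages:")
        for cause in f["causes"]:
            print("   ", cause)
```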

