[Samba] Samba 3.0 client connection error
Fallsen, Tommy
Tommy.Fallsen at kongsberg.com
Wed Nov 19 07:02:51 GMT 2003
Hi
I successfully joined the AD as member server, smbclient
\\\\hostname\\homes -U username works,
but on a windows 2000 client connecting to the homes share using \\hostname
failes with
[2003/11/13 16:39:46, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
Failed to verify incoming ticket!
[2003/11/13 16:39:46, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
Failed to verify incoming ticket!
[2003/11/13 16:39:51, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
Failed to verify incoming ticket!
[2003/11/13 16:42:38, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
Failed to verify incoming ticket!
[2003/11/13 16:42:38, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
Failed to verify incoming ticket!
[2003/11/13 16:48:14, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
Failed to verify incoming ticket!
[2003/11/13 16:48:14, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
Failed to verify incoming ticket!
Oddly connecting to the share \\ip-adress works just fine, no errors.
Is there something wrong with my setup?
My smb.conf
[global]
workgroup = ????
realm = ????.?????????.COM
netbios name = hostname
security = ADS
password server = ads server
log file = /opt/samba/var/log.%m
max log size = 50
preferred master = No
local master = No
domain master = No
dns proxy = No
wins proxy = Yes
wins server = ?.?.?.?
remote announce = ?.?.?.?
NIS homedir = Yes
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /usr/spool/samba
printable = Yes
browseable = No
kdc.onf and krb5.conf
#
# Copyright 1998-2002 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#ident "@(#)kdc.conf 1.2 02/02/14 SMI"
[kdcdefaults]
kdc_ports = 88,750
[realms]
___default_realm___ = {
profile = /etc/krb5/krb5.conf
database_name = /var/krb5/principal
admin_keytab = /etc/krb5/kadm5.keytab
acl_file = /etc/krb5/kadm5.acl
kadmind_port = 749
max_life = 8h 0m 0s
max_renewable_life = 7d 0h 0m 0s
default_principal_flags = +preauth
}
#
#pragma ident "@(#)krb5.conf 1.2 99/07/20 SMI"
# Copyright (c) 1999, by Sun Microsystems, Inc.
# All rights reserved.
#
# krb5.conf template
# In order to complete this configuration file
# you will need to replace the __<name>__ placeholders
# with appropriate values for your network.
#
[libdefaults]
default_realm = ????.?????????.COM
[realms]
????.?????????.COM = {
kdc = ads server ip
admin_server = ads server ip
}
[domain_realm]
.????.?????????.com = ????.?????????.COM
????.?????????.com = ????.?????????.COM
[logging]
default = FILE:/var/krb5/kdc.log
kdc = FILE:/var/krb5/kdc.log
kdc_rotate = {
# How often to rotate kdc.log. Logs will get rotated no more
# often than the period, and less often if the KDC is not used
# frequently.
period = 1d
# how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)
versions = 10
}
[appdefaults]
kinit = {
renewable = true
forwardable= true
}
gkadmin = {
help_url = http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195
}
Thanks
Tommy Fallsen
More information about the samba
mailing list