[Samba] Failed to verify incoming ticket - Samba 3.0 ADS

Alex Needham intersystems at ntlworld.com
Mon Nov 24 21:25:14 GMT 2003 

Hi Folks

I have winbind showing all users and groups from my windows 2k3 AD, net ads
join worked fine, set up a test share, changed the owner to be something
from the AD through winbind and the group to 10000 (Domain Users) even
chmodded 777 to make sure permissions werent a problem, but I keep getting

[2003/11/24 16:52:56, 2] smbd/sesssetup.c:setup_new_vc_session(535)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2003/11/24 16:52:56, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
  Failed to verify incoming ticket!
[2003/11/24 16:52:56, 2] smbd/server.c:exit_server(558)
  Closing connections

In the logs, I have to assume this is part of the problem, also if the kinit
times out I get nothing and have to reauthenticate, I currently have my pop
and imap services authenticating against the AD, but I had to do a lot of
buggering about on the w2k3 box with ktpass and such to get it working, so I
know that it is possible to authenticate via kerberos against a w2k3AD, with
preauthentication turned off.

Do I need to change the passdb backend to LDAP? (as well as finding out what
problem lies in the kerberos).

smb.conf

[global]
        workgroup = <AREALM>
        realm = <AREALM.COM>
        security = ADS
        password server = 192.168.0.42
        encrypt passwords = yes
        log level = 2
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template shell = /bin/bash
        winbind separator = +
        winbind use default domain = Yes
        client use spnego = yes

[export]
        comment = Test Share
        path = /export/test
        admin users = Administrator
        read list = <AUSER>
        write list = <AUSER>
        read only = No
        create mask = 0700
        directory mask = 0700

root at twerp export]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@<AREALM.COM>
Valid starting     Expires            Service principal
11/24/03 16:30:14  11/25/03 02:28:48  krbtgt/<AREALM.COM>@<AREALM.COM>


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

Any help greatfully accepted,

Rgds

Alex Needham

Stealth IT Bloke, Intersystems

More information about the samba mailing list