[Samba] failing to browse unix shares with samba 3.0.2a
Moshe Shaham
Moshe at netscreen.com
Thu Apr 1 01:00:53 GMT 2004
I was runing a sniffer on the Solaris host and on the windows kdc server and
I found out the samba server doesn't initiate any connection to the windows
kdc server when the windows client is trying to browse the samba shares. I
would expect that it will consult the windows kdc server. Am I wrong in my
assumption?
Thanks,
Moshe
-----Original Message-----
From: Moshe Shaham [mailto:Moshe at netscreen.com]
Sent: Wednesday, March 31, 2004 2:50 PM
To: 'RRuegner'; Moshe Shaham
Cc: 'samba at lists.samba.org'
Subject: RE: [Samba] failing to browse unix shares with samba 3.0.2a
It set up as security=ads
This is my smb.conf:
netbios name = shark
workgroup = MYDOMAINNAME
realm = MYDOMAINNAME
server string = Samba Server
log file = /opt/samba3.0/var/log.%m
log level = 5
max log size = 50
security = ads
local master = no
os level = 0
domain master = no
preferred master = no
wins support = no
wins server = 10.70.130.2, 10.80.20.4
dns proxy = no
password server = mywindows2003kdc
encrypt passwords = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /home/%D/%U
template shell = /bin/bash
winbind separator = +
Thanks,
Moshe
-----Original Message-----
From: RRuegner [mailto:robert at ruegner.org]
Sent: Wednesday, March 31, 2004 1:05 PM
To: Moshe Shaham
Cc: 'samba at lists.samba.org'
Subject: Re: [Samba] failing to browse unix shares with samba 3.0.2a
Moshe Shaham schrieb:
> We upgraded our Solaris 9 samba server to version 3.0.2a and configured
> Kerberos MIT 1.3.2.
> I was able to run kinit and join samba to our windows 2003 domain as a
> domain member, but when I am trying to browse the samba shares from a
> windows XP machine it is failing. When I am looking at the samba logs this
> is what I am getting:
> [2004/03/30 11:15:26, 3] libads/kerberos_verify.c:ads_verify_ticket(323)
> ads_verify_ticket: enc type [3] failed to decrypt with error Decrypt
> integrity check failed
> [2004/03/30 11:15:26, 3] libads/kerberos_verify.c:ads_verify_ticket(330)
> ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
> [2004/03/30 11:15:26, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
> Failed to verify incoming ticket!
> [2004/03/30 11:15:26, 3] smbd/error.c:error_packet(94)
> error string = No such file or directory
> [2004/03/30 11:15:26, 3] smbd/error.c:error_packet(118)
> error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
>
> I was trying to run smbclient -k '\\machine\share' and it failed. After
> initiating the kinit command I was then able to run the smbclient -k
> command. Accessing the shares from a windows box is still failing.
>
> I am little confused, do I need to create a Kerberos database in the
samba
> server and manage the users tickets? My understanding is that I am
> authenticating against windows 2003 Kerberos database.
>
> Thanks,
> Moshe
>
where is your smb.conf, this looks like that you dont set security = user
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list