[Samba] failing to browse unix shares with samba 3.0.2a

Moshe Shaham Moshe at netscreen.com
Thu Apr 1 01:00:53 GMT 2004

I was runing a sniffer on the Solaris host and on the windows kdc server and
I found out the samba server doesn't initiate any connection to the windows
kdc server when the windows client is trying to browse the samba shares. I
would expect that it will consult the windows kdc server. Am I wrong in my


-----Original Message-----
From: Moshe Shaham [mailto:Moshe at netscreen.com]
Sent: Wednesday, March 31, 2004 2:50 PM
To: 'RRuegner'; Moshe Shaham
Cc: 'samba at lists.samba.org'
Subject: RE: [Samba] failing to browse unix shares with samba 3.0.2a

It set up as security=ads
This is my smb.conf:
netbios name = shark
        workgroup = MYDOMAINNAME
        realm = MYDOMAINNAME
        server string = Samba Server
        log file = /opt/samba3.0/var/log.%m
        log level = 5
        max log size = 50
        security = ads
        local master = no
        os level = 0
        domain master = no
        preferred master = no
        wins support = no
        wins server =,
        dns proxy = no
        password server = mywindows2003kdc  
        encrypt passwords = yes
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template homedir = /home/%D/%U
        template shell = /bin/bash
        winbind separator = +


-----Original Message-----
From: RRuegner [mailto:robert at ruegner.org]
Sent: Wednesday, March 31, 2004 1:05 PM
To: Moshe Shaham
Cc: 'samba at lists.samba.org'
Subject: Re: [Samba] failing to browse unix shares with samba 3.0.2a

Moshe Shaham schrieb:

> We upgraded our Solaris 9 samba server to version 3.0.2a and configured
> Kerberos MIT 1.3.2. 
> I was able to run kinit and join samba to our windows 2003 domain as a
> domain member, but when I am trying to browse the samba shares from a
> windows XP machine it is failing. When I am looking at the samba logs this
> is what I am getting:
>   [2004/03/30 11:15:26, 3] libads/kerberos_verify.c:ads_verify_ticket(323)
>   ads_verify_ticket: enc type [3] failed to decrypt with error Decrypt
> integrity check failed
> [2004/03/30 11:15:26, 3] libads/kerberos_verify.c:ads_verify_ticket(330)
>   ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
> [2004/03/30 11:15:26, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
>   Failed to verify incoming ticket!
> [2004/03/30 11:15:26, 3] smbd/error.c:error_packet(94)
>   error string = No such file or directory
> [2004/03/30 11:15:26, 3] smbd/error.c:error_packet(118)
>   error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX)
> I was trying to run smbclient -k '\\machine\share' and it failed. After
> initiating the kinit command I was then able to run the smbclient -k
> command. Accessing the shares from a windows box is still failing.
> I am  little confused, do I need to create a Kerberos database in the
> server and manage the users tickets? My understanding is that I am
> authenticating against windows 2003 Kerberos database.
> Thanks,
> Moshe
where is your smb.conf, this looks like that you dont set security = user
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list