[Samba] Samba 3.0.2a and ADS w2k3 Kerberos authentication problem

Duran Munoz, Pedro Pedro.Duran at fujitsu-siemens.com
Wed Apr 14 15:47:35 GMT 2004 

 
Thanks Jim for you reply.
 
When I said Kerberos packed is 1.2.27 default redhat9 included, I mind
what I use krb5-libs-1.2.27-10 from Redhat9. As you can see I am a
Linux beginner guy.
 
I have changed the Registry in my w2k3 DC as you tell me down without
any success ( I have create other ticket with "ktpass" tool and it was
apply to Samba server)
 
The other way for try solve the problem is : Update Kerberos in Redhat9
( Samba server) is possible to use an rpm packed from web, or I must
recompile the kernel including this Kerberos packed, in this case which
Kerberos packed I must use, and which could the correct procedure for
update ( I remember to you I am a Linux beginner and never I have
compile nothing).
 
Thanks in advanced for you help 

Saludos / Best Regards 

Pedro 



________________________________

From: Jim McDonough [mailto:jmcd at us.ibm.com] 
Sent: Wednesday, April 14, 2004 3:23 PM
To: Duran Munoz, Pedro
Cc: samba at lists.samba.org; samba-bounces+jmcd=samba.org at lists.samba.org
Subject: Re: [Samba] Samba 3.0.2a and ADS w2k3 Kerberos authentication
problem



>I am using Samba 3.0.2a as Domain member into ADS w2k3 domain. net ads
>join -U administrator work fine.
>wbinfo -u and -g works fine.
>I am able to mapped Samba shares with IP address (\\192.168.0.x\share)
>but it does not works if I use netbios name ( \\redhat9\share) the
>system asks me for authentication but never I get into the Samba server
>( Login and password are invalid ). 

>Kerberos packed is 1.2.27 default redhat9 included.
Well, when I read this last line, I assumed that you've just run into
the w2k3 doesn't deal with non-rc4-hmac kerberos (that would be pre-1.3
MIT kerberos), but it is strange that you can map via IP address...

There are several things to try here:
-upgrade kerberos to post 1.3
-try fixing windows, which has multiple options.  See
http://support.microsoft.com/default.aspx?scid=kb;en-us;833708

But the fact that it works via IP address puzzles me...

----------------------------
Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074
USA

jmcd at us.ibm.com 
jmcd at samba.org

Phone: (207) 885-5565
IBM tie-line: 776-9984

More information about the samba mailing list