[Samba] Issues with Samba 3.0.2 on OSX using ADS.

Huyler, Christopher M CHRISTOPHER.HUYLER at ca.com
Mon Apr 26 13:53:19 GMT 2004 

Can anyone help me with this?

-----Original Message-----
From: Huyler, Christopher M 
Sent: Friday, April 23, 2004 3:47 PM
To: samba at lists.samba.org
Subject: [Samba] Issues with Samba 3.0.2 on OSX using ADS.

We have a Win2K network at work and I've been trying to integrate my Mac
10.3 machine into the network.  It seems that once one thing is working,
something else is not. I have read through various Mac tutorials found
on the web but none seem to solve my problem.

Right now I have Active Directory Domain Logons working successfully but
Samba will not allow anyone (from Mac/Unix/Windows) to connect. I keep
getting the following entries in the /var/log/samba/log.smbd log:

[2004/04/23 15:07:03, 0]
/SourceCache/samba/samba-56/samba/source/smbd/server.c:main(747)
  smbd version 3.0.2 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2004
[2004/04/23 15:07:19, 1]
/SourceCache/samba/samba-56/samba/source/smbd/sesssetup.c:reply_spnego_k
erberos(173)
  Failed to verify incoming ticket!

I can't figure it out.  I'm positive that Kerberos is configured
correctly because I can run kinit and klist successfully and I can log
in using my domain account.  Here is some more info:

 [root at usfrosx1 root]# net ads leave -S usildc03 -U huych02%xxxxxxxx
Removed 'USFROSX1' from realm 'CA.COM'

[root at usfrosx1 root]# net ads testjoin -S usildc03 -U huych02%xxxxxxxx
[2004/04/23 15:33:27, 0]
/SourceCache/samba/samba-56/samba/source/libads/kerberos.c:ads_kinit_pas
sword(133)
  kerberos_kinit_password USFROSX1$@CA.COM failed: Client not found in
Kerberos database
Join to domain is not valid

[root at usfrosx1 root]# net ads join -S usildc03 -U huych02%xxxxxxxx
[2004/04/23 15:33:42, 0]
/SourceCache/samba/samba-56/samba/source/libads/ldap.c:ads_add_machine_a
cct(1086)
  Warning: ads_set_machine_sd: Unexpected information received
Using short domain name -- TANT-A01
Joined 'USFROSX1' to realm 'CA.COM'

[root at usfrosx1 root]# net ads testjoin -S usildc03 -U huych02%xxxxxxxx
Join is OK

After all that, I still get the reply_spnego_kerberos(173) errors.  Any
help would be appreciated, I have searched the net up and down and
nothing seems to help.  Below is a copy of my smb.conf file for
reference:

[global]

  netbios name = usfrosx1
  workgroup = TANT-A01
  server string = Mac OS X

  security = ads
  realm = CA.COM
  password server = USILDC03 USILDC05
  encrypt passwords = yes
  use spnego = yes
  client use spnego = yes

  printer admin = @admin, @staff
  unix charset = UTF-8-MAC
  display charset = UTF-8-MAC
  dos charset = 437
  guest account = unknown
  level2 oplocks = no

 [homes]
   comment = User Home Directories
   browseable = no
   read only = no

[public]
   path = /tmp
   public = yes
   writable = no
   printable = no

[printers]
  path = /tmp
  printable = yes

More information about the samba mailing list