[Samba] Samba 3 and W2K3 AD integration problems

Rob Mokkink Rob at MOKKINKSYSTEMS.com
Sun Jan 4 16:25:02 GMT 2004


All,


Have already got Samba 3 and W2K AD integration working in production
without any problems.
I have set up a test domain to test W2K3 and Samba 3 on a Red Hat 8
server.

I did the following:

* Have set up the NTP daemon to synchronize time with the W2K3 domain
controller.
* installed the latest Kerberos packages for Red Hat 8, made sure that
krb5-workstation is installed.
* installed the Samba 3 RPMs from www.samba.org
* configured the smb.conf like this

[global]
workgroup = TEST
realm = TEST.CORP
server string = 
security = ADS
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
ldap ssl = no
idmap uid = 10000-65000
idmap gid = 10000-65000

[homes]
comment = Home Directories
read only = No
hosts allow = 192.168.0.0/24
browseable = Yes

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = Yes

 * this is my krb5.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
ticket_lifetime = 24000
default_realm = TEST.CORP
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
TEST.CORP = {
kdc = 192.168.0.50:88
admin_server = 192.168.0.50:749
default_domain = test.corp
}

[domain_realm]
.test.corp = TEST.CORP
test.corp = TEST.CORP

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}


* I did a kinit administrator@TEST.CORP, this worked
* then net join -U administrator@TEST.CORP
* I saw in the W2K3 server that the Linux server was successfully
integrated into AD.
* from the Linux server I issued a smbclient //DCSRV01/C$ -k, this
worked
* then from the W2K3 server I tried to go to the administrator share on
the Linux server. \\RH8SMB\administrator
* I got a box which asked me for my username and password, I typed it in
and it did not work
* if I go to the share by IP address it works \\192.168.0.55\administrator
or \\192.168.0.55

In the log files I found this:

smbd/sesssetup.c:reply_spnego_kerberos(172)
Failed to verify incoming ticket!

I tried the option:

use spnego = yes 

All with the same result.

Has anyone found a solution for this problem?


Regards,

Rob
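
Added example, not part of the original post: a Python cross-check of the realm settings in the two files quoted above (smb.conf `realm` and `security` against krb5.conf `default_realm`, `[realms]` and `[domain_realm]`). The function names `parse` and `check` are made up for this example, and the embedded configs are excerpts of the ones in the post.

```python
SMB_CONF = "[global]\nworkgroup = TEST\nrealm = TEST.CORP\nsecurity = ADS\n"  # from the post
KRB5_CONF = """\
[libdefaults]
default_realm = TEST.CORP
dns_lookup_kdc = false
[realms]
TEST.CORP = {
kdc = 192.168.0.50:88
}
[domain_realm]
.test.corp = TEST.CORP
"""  # excerpt of the krb5.conf in the post

def parse(text):
    """Parse INI-like text to {section: {key: value}}; 'NAME = {' opens a nested dict."""
    out, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section, block = out.setdefault(line[1:-1].lower(), {}), None
        elif line == "}":
            block = None  # end of a krb5 realm block
        elif "=" in line and section is not None:
            key, val = (part.strip() for part in line.split("=", 1))
            if val == "{":
                block = section.setdefault(key, {})
            else:
                (section if block is None else block)[key] = val
    return out

def check(smb_text, krb_text):
    """Return a list of realm inconsistencies between the two files (empty if none)."""
    smb, krb = parse(smb_text), parse(krb_text)
    glob = {k.lower(): v for k, v in smb.get("global", {}).items()}
    realm, lib = glob.get("realm", ""), krb.get("libdefaults", {})
    problems = []
    if glob.get("security", "").lower() != "ads":
        problems.append("security is not ADS")
    if lib.get("default_realm") != realm:
        problems.append(f"default_realm {lib.get('default_realm')!r} differs from realm {realm!r}")
    has_kdc = "kdc" in krb.get("realms", {}).get(realm, {})
    if not has_kdc and lib.get("dns_lookup_kdc", "").lower() == "false":
        problems.append(f"no kdc for {realm!r} and dns_lookup_kdc is false")
    for name, mapped in krb.get("domain_realm", {}).items():
        if name.lstrip(".") == realm.lower() and mapped != realm:
            problems.append(f"domain_realm maps {name} to {mapped}, not {realm}")
    return problems
```

Calling `check(SMB_CONF, KRB5_CONF)` on the excerpts returns an empty list, so the realm settings of the two posted files agree with each other.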



