[Samba] Samba 3 and W2K3 AD integration problems

Jochen Schmidt jochen.schmidt at millenux.com
Sun Jan 4 17:35:39 GMT 2004


Hi Rob,

RedHat uses MIT Kerberos 1.2.7. I suggest you use krb version 1.3.1.
You can find precompiled RPMs for RedHat Enterprise Linux 3 at
http://www.millenux.com/~jschmidt/samba/linux/rhas3/ . Maybe they also
work with RH8.

Greetings

Yoshi

On Sun, 4 Jan 2004, Rob Mokkink wrote:

> All,
>
>
> Have already got Samba 3 and W2K AD integration working in production
> without any problems.
> I have set up a test domain to test W2K3 and Samba3 on a Red Hat 8
> server.
>
> I did the following:
>
> * Have set up the NTP Daemon to synchronize time with the W2K3 domain
> controller.
> * installed the latest Kerberos packages for Red Hat 8, made sure that
> krb5-workstation is installed.
> * installed the samba 3 rpm's from www.samba.org
> * configured the smb.conf like this
>
> [global]
> workgroup = TEST
> realm = TEST.CORP
> server string =
> security = ADS
> log file = /var/log/samba/log.%m
> max log size = 50
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> ldap ssl = no
> idmap uid = 10000-65000
> idmap gid = 10000-65000
>
> [homes]
> comment = Home Directories
> read only = No
> hosts allow = 192.168.0.0/24
> browseable = Yes
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> printable = Yes
> browseable = Yes
>
>  * this is my krb5.conf
>
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> ticket_lifetime = 24000
> default_realm = TEST.CORP
> dns_lookup_realm = false
> dns_lookup_kdc = false
>
> [realms]
> TEST.CORP = {
> kdc = 192.168.0.50:88
> admin_server = 192.168.0.50:749
> default_domain = test.corp
> }
>
> [domain_realm]
> .test.corp = TEST.CORP
> test.corp = TEST.CORP
>
> [kdc]
> profile = /var/kerberos/krb5kdc/kdc.conf
>
> [appdefaults]
> pam = {
> debug = false
> ticket_lifetime = 36000
> renew_lifetime = 36000
> forwardable = true
> krb4_convert = false
> }
>
>
> * I did a kinit administrator@TEST.CORP, this worked
> * then net join -U administrator@TEST.CORP
> * I saw in the W2K3 server that the linux server was successfully
> integrated into AD.
> * from the Linux server I issued a smbclient //DCSRV01/C$ -k, this
> worked
> * then from the W2K3 server I tried to go to the administrator share on
> the Linux server. \\RH8SMB\administrator
> * I got a box which asked me for my username and password, I typed it in
> and it did not work
> * if I go to the share by IP address it works \\192.168.0.55\administrator
> or \\192.168.0.55
>
> In the log files I found this:
>
> smbd/sesssetup.c:reply_spnego_kerberos(172)
> Failed to verify incoming ticket!
>
> I tried the option:
>
> use spnego = yes
>
> All with the same result.
>
> Has anyone found a solution for this problem?
>
>
> Regards,
>
> Rob
>
>

-- 
Kind regards

Jochen Schmidt

--------------------------------------------------------------------
Jochen Schmidt                           jochen.schmidt at millenux.com
Mi||enux GmbH                                mobile: +49.175.5752483
Lilienthalstraße 2                          phone: +49.711.88770.300
70825 Stuttgart-Korntal                       fax: +49.711.88770.349
      -= linux without limits -=- http://linux.zSeries.org/ =-
PGP Fingerprint:  6F9A 85CE 78EA 7EF1 B2BA  3559 8FA1 2B13 098D 20B5


