[Samba] Samba 3.0.2 and Windows 2003 ADS.

Christian Arguello carguello at novadevices.com
Mon Jan 26 22:57:35 GMT 2004

I have installed samba 3.0.2 in my redhat 7.3, and Kerberos 1.2.4
I can make my Linux act as ADS Domain Membership whit out any problem,
When I made this command:
/usr/local/samba/bin/net ads join "Computers" -U<usuario>%<clave>
I get this message that tell me that everything is ok.
Using short domain name -- DOMAIN2003
Joined 'PROTON' to realm 'DOMAIN2003.COM'
I also have another PC with windows 2000, which is joined too, to my
Windows 2003 Server. From my Linux I can connect with out any problem to
this machine using "smbclient" and with no password. But when I try to
connect form Windows 2000 to my Linux using this command: "net use *
\\server\share <file:///\\server\share> ", it asks me for a password,
and in the samba log I see this:
[2004/01/26 17:41:57, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
What is missing?? What am I doing wrong??? 
In the HOW-to say that to probe this kind of configuration I have to use
the "net" command form Windows, and if it doesn't work I have to use
"klist tickets", when I run that command I get this:
[root at proton root]# klist tickets
klist: No credentials cache found (ticket cache FILE:tickets)
Wich ticket is missing?? Or how do I have to add a ticket???
My krb5.com looks like this:
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
 ticket_lifetime = 24000
 default_realm = DOMAIN2003.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 default_tkt_enctypes = DES-CBC-MD5
 default_tgs_enctypes = DES-CBC-MD5
DOMAIN2003.COM = {
  kdc = server2003.domain2003.com:88
  admin_server = server2003.domain2003.com:749
  default_domain = domain2003.com
  .domain2003.com = DOMAIN2003.COM
  comain2003.com = DOMAIN2003.COM
 profile = /var/kerberos/krb5kdc/kdc.conf
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
And my smb.conf like this:
        workgroup = domain2003
        netbios name = proton
        server string = Inetserver
        domain master = no
        local master = yes
        preferred master = yes
        max connections = 0
        interfaces =
        name resolve order = bcast wins hosts
        socket options = TCP_NODELAY
        security = ADS
        realm = domain2003.com
        encrypt passwords = yes
        update encrypted = yes
        unix password sync = yes
        printing = lprng
        printcap name = /etc/printcap
        load printers = yes
        dns proxy = yes
        allow trusted domains = yes
        wins support = no
        password server = server2003
        winbind cache time = 10
   comment = Home Directories
   writable = yes
   browseable = no
   valid users = %U
        comment = Logon scripts
        path = /home/netlogon
        read only = yes
        write list = @users
        comment = Profiles directory
        path = /home/profiles
        read only = no
        create mask = 0600
        directory mask = 0700
        public = yes
        writeable = yes
        comment = Instaladores
        path = /home/samba/install
        force directory mode = 0777
Thanks in advance..

More information about the samba mailing list