[Samba] ADS controller connection issue; clients work fine.
jra at samba.org
Sat Mar 20 01:25:13 GMT 2004
On Wed, Mar 17, 2004 at 11:31:40AM -0800, Tom Dickson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Jeremy Allison wrote:
> | On Wed, Mar 17, 2004 at 09:26:45AM -0800, Tom Dickson wrote:
> |>-----BEGIN PGP SIGNED MESSAGE-----
> |>Hash: SHA1
> |>I've joined Samba to the domain, and everything seems to work fine.
> |>Clients can login to their windows 2000 machines and access the Samba
> |>server, which authenticates using kerberos to the 2003 AD controller.
> |>However, if I logon ON the 2003 AD controller, it can't access the Samba
> |>server. The same user logged onto any of the clients does work fine.
> |>Changing the passwords and rebooting things does not seem to help.
> |>Am I missing something easy? I can get logs and config files if needed.
> | Debug 10 logs from the smbd would help.
> | Jeremy.
> | .
> Ok. See attached! Thank you!
Ok, looking at this it looks like you have a problem with encryption
types. Are you sure it's using krb5 to allow clients access ? It may
be falling back to NTLMSSP. What does your krb5.conf look like ? What
version of MIT Kerberos are you using ?
More information about the samba