[Samba] failing to browse unix shares with samba 3.0.2a

Moshe Shaham Moshe at netscreen.com
Wed Mar 31 22:50:12 GMT 2004 

It set up as security=ads
This is my smb.conf:
netbios name = shark
        workgroup = MYDOMAINNAME
        realm = MYDOMAINNAME
        server string = Samba Server
        log file = /opt/samba3.0/var/log.%m
        log level = 5
        max log size = 50
        security = ads
        local master = no
        os level = 0
        domain master = no
        preferred master = no
        wins support = no
        wins server = 10.70.130.2, 10.80.20.4
        dns proxy = no
        password server = mywindows2003kdc  
        encrypt passwords = yes
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template homedir = /home/%D/%U
        template shell = /bin/bash
        winbind separator = +


Thanks,
Moshe

-----Original Message-----
From: RRuegner [mailto:robert at ruegner.org]
Sent: Wednesday, March 31, 2004 1:05 PM
To: Moshe Shaham
Cc: 'samba at lists.samba.org'
Subject: Re: [Samba] failing to browse unix shares with samba 3.0.2a


Moshe Shaham schrieb:

> We upgraded our Solaris 9 samba server to version 3.0.2a and configured
> Kerberos MIT 1.3.2. 
> I was able to run kinit and join samba to our windows 2003 domain as a
> domain member, but when I am trying to browse the samba shares from a
> windows XP machine it is failing. When I am looking at the samba logs this
> is what I am getting:
>   [2004/03/30 11:15:26, 3] libads/kerberos_verify.c:ads_verify_ticket(323)
>   ads_verify_ticket: enc type [3] failed to decrypt with error Decrypt
> integrity check failed
> [2004/03/30 11:15:26, 3] libads/kerberos_verify.c:ads_verify_ticket(330)
>   ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
> [2004/03/30 11:15:26, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
>   Failed to verify incoming ticket!
> [2004/03/30 11:15:26, 3] smbd/error.c:error_packet(94)
>   error string = No such file or directory
> [2004/03/30 11:15:26, 3] smbd/error.c:error_packet(118)
>   error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
> 
> I was trying to run smbclient -k '\\machine\share' and it failed. After
> initiating the kinit command I was then able to run the smbclient -k
> command. Accessing the shares from a windows box is still failing.
> 
> I am  little confused, do I need to create a Kerberos database in the
samba
> server and manage the users tickets? My understanding is that I am
> authenticating against windows 2003 Kerberos database.
> 
> Thanks,
> Moshe
> 
where is your smb.conf, this looks like that you dont set security = user

More information about the samba mailing list