[Samba] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket!

joysn at gmx.net joysn at gmx.net
Tue Feb 1 22:04:49 GMT 2005


i have troubles to connect to a samba 3.0.10 which is configured
to be an AD domain member using it's netbios name rather than it's
ip address from a windows 2000 professionall machine with sp4
the ADS is a w2k server with sp4.
i use MIT kerberos 1.3.6 on a debian sarge machine, which sould not
require a krb5.conf as found in the samba howto collection.
i have read some postings with the same subject, but i didn't get a
solution from the answers given.


netbios name = server-samba
security = ADS
realm = BS1.ADS.LOCAL
password server = w2k-srv.bs1.ads.local
client use spnego = yes
use spnego = yes
workgroup = BS1_ADS
server string = %h server (Samba %v)
wins server =
dns proxy = no
name resolve order = lmhosts host wins bcast
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
encrypt passwords = true
passdb backend = tdbsam guest
obey pam restrictions = no
invalid users = root
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template home dir = /home/%U
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes

comment = Test
path = /tmp
read only = yes

/etc/hosts:       localhost.localdomain   localhost       debian   w2k-srv.bs1.ads.local w2k-srv

i use the ADS as dns server in resolv.conf.

when connecting using the ip address of the samba machine all works
fine, but when i use the netbios name i always get a login dialog...
whats wrong with this setup?



"The greatest proof that intelligent life other that humans exists in
 the universe is that none of it has tried to contact us!"

More information about the samba mailing list