[Samba] Kerberos negotion error? reply_spnego_kerberos(250)

Ryan.Worthington at westam.com Ryan.Worthington at westam.com
Fri Jan 14 15:41:45 GMT 2005

On Thu, 2005-01-13 at 11:04 -0600, Ryan.Worthington at westam.com wrote:
>> Good morning everyone, 
>> I have had Samba 3.0.9 running on Solaris, connected to a Windows AD 
>> domain for a couple of weeks now, and i've suddenly started getting the 

>> following errors:
>> [2005/01/07 11:31:55, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>>   Username <domain>\IT075$ is invalid on this system

>So, are you running winbindd, and is it really Samba 3.0.9?  These are
>requests for machine accounts, as the local system service is performing
>a network activity.  Winbindd has been providing these accounts for a
>number of versions now.  If you don't run winbindd, then it's your
>responsibility to provide all the equivalent accounts.
>Andrew Bartlett

Yes, this is really version 3.0.9 according to wbinfo -V

As it turns out, winbindd wasn't running. Doesn't it start automatically? 
If not, how would I ensure that it does? 

Also, I've been reading on winbindd, and I'm wondering if its really 
necessary for what I want to accomplish. All I'm trying to do is allow 
Windows hosts to access files on a Unix (Solaris) server. I don't want my 
users logging on to the servers with their Windows credentials. With this 
in mind, is it necessary to configure nsswitch.conf? When you mention 
machine accounts, are you saying its necessary to create accounts for each 
machine in smbpasswd? 

Please forgive my ignorance, Samba is brand new to me.

Ryan Worthington
Systems and Network Analyst
"Difficile est satiram non scribere."

This message is confidential and may be privileged. It is
intended solely for the named  addressee. If you are not the
intended recipient please inform us. Any unauthorised
dissemination, distribution or copying hereof is prohibited.
As we cannot guarantee the  genuineness or completeness of
the information contained in this message, the statements
set forth above are not legally binding.

More information about the samba mailing list