[Samba] Problems after changing security = domain to security = ads
Hamish
lists at subvs.co.uk
Tue Jun 7 09:58:43 GMT 2005
On Monday 06 June 2005 13:22, Hamish wrote:
> Hello all
> I have a samba domain member authenticating to a w2k3 server, after
> installing SP1, there were problems, and a solution I found was to change
> to security = ads. This seemed to work fine, but today no-one can get their
> home drives, and some people are denied access to shares where the
> permissions on the files are rwx for the user.
> I did not change anything other than the security line in smb.conf and
> rejoined the domain with `net ads join -U administrator` (this was
> successful)
>
> I find this in the samba log when users try to connect:
> [2005/06/06 13:16:17, 2] smbd/sesssetup.c:setup_new_vc_session(608)
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
> old resources.
> [2005/06/06 13:16:17, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
> Failed to verify incoming ticket!
>
> I can do `kinit Administrator@MY.DOMAIN.NET` and it returns no errors (but
> no success either - if I put in a wrong password, it gives an error though,
> so I guess this is ok)
>
> Anyone have any ideas? or can I change back to security = domain with some
> other fix?
>
> Thanks,
> H
Looks like this might be a lonely troubleshoot, but here is more for anyone
who may experience similar symptoms... (and of course any kind people who
throw in a suggestion or two)
I have narrowed this down to what seems to be incompatible auth methods:
In XPsp2, I go to \\smbserver\fred - this shows either an empty folder, or an
error (I have hide unreadable = on, so this may be the cause)
With Konqueror (smbclient -V: Version 3.0.15pre2-0.1-SUSE), I can go to
smb:/user@smbserver - I get a user/pass dialog, and then I can see the
directory fine!
Is my logic right? The xp clients are using some other kind of auth or
connection than smbclient does?
The windows clients work ok, but it seems that the files they need to be chmod
740 at least (700, 710 does not work, file owned by user.domain users)
Rather than play around with permissions (that worked before the trouble
started) I would like to see what xpsp2 and smbclient do differently - please
could anyone help with this?
Thanks,
H