[Samba] Samba ADS ticket problem

ram dass mailtodazz at yahoo.com
Mon Mar 14 05:01:09 GMT 2005


I've got samba-3.0.0-14.3E, and am trying to connect to a Windows 2000 domain using security = ADS.

After following the instructions in the Samba-HOWTO-Collection, I've got kinit working, and am able to browse the Windows 2000 machine's shares with
smbclient //win2kmixed/c\$ -k
without a password.

However, if I try to connect to the machine, either through Network Neighborhood or (on w2k) with net use * \\server\share, it fails (asks for username/password).

The HOWTO says to run klist tickets, which shows no tickets. It doesn't say what to do if that happens.

The log files for the machine trying to connect say:

[2003/07/24 14:58:09, 1] libads/kerberos_verify.c:ads_verify_ticket(69)
  failed to fetch machine password
[2003/07/24 14:58:09, 1] smbd/sesssetup.c:reply_spnego_kerberos(178)
  Failed to verify incoming ticket!

smb.conf has:

# Global parameters
[global]
        workgroup = DOMAIN
        realm = DOMAIN.LOCAL
        netbios name = SAM
        server string = SAMBA
        security = ADS
        password server = win2kmixed
        log file = /var/log/samba/log.%m
        max smbd processes = 1000
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        enhanced browsing = No
        idmap uid = 10000-12000
        idmap gid = 10000-12000
        template homedir = /dev/null
        template shell = /sbin/nologin
        winbind separator = +
        create mask = 0700
        directory mask = 0700
        directory security mask = 0700
        max connections = 1000
        map archive = No
        follow symlinks = No

[share1]
        comment = share1
        path = /mnt/floppy/share1
        write list = DOMAIN+Administrator
        read only = No
        inherit permissions = Yes
        inherit acls = Yes
        map acl inherit = Yes

klist tickets returns:

klist: No credentials cache found (ticket cache FILE:tickets)

klist returns:

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: ADMINISTRATOR@DOMAIN.LOCAL

Valid starting     Expires            Service principal
07/24/03 14:18:34  02/25/05 00:18:34  krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL
07/24/03 14:54:22  02/25/05 00:18:34  mp3box2$@DOMAIN.LOCAL

Even trying to connect from the Linux machine fails with:

[root@mp3box pty/s0] smbclient //mp3box2/share1 -k
session setup failed: NT_STATUS_LOGON_FAILURE

Any help would be appreciated; the documentation here is not quite clear.

Ramadass



		