[Samba] Re: samba-3.0.10-1.4E (RHEL4): logon failures with 2003
server pdc
Ville Herva
vherva at ENIGMA.viasys.com
Tue Oct 18 15:01:08 GMT 2005
On Tue, Oct 18, 2005 at 04:43:12PM +0300, you [Ville Herva] wrote:
> I recently set up a new RHEL4 server with samba-3.0.10 in a Windows 2003
> server PDC domain.
>
> I can log on as one user from different workstations on to the new samba
> server. With several other users, I get this error:
>
> Oct 18 16:41:34 samba-server smbd[2502]: krb5_rd_req(CIFS/samba-server at MY.DOM) failed: Wrong principal in request
> Oct 18 16:41:34 samba-server smbd[2502]: [2005/10/18 16:41:34, 0] libads/kerberos_verify.c:ads_keytab_verify_ticket(113)
>
> [2005/10/18 16:41:42, 0] libads/kerberos_verify.c:ads_keytab_verify_ticket(113) krb5_rd_req(CIFS/SAMBA_SERVER.my.dom at MY.DOM) failed: Wrong principal in request
>
> The users are able to log on to other servers just fine and should have all
> the needed permissions to log on to the share.
>
> Can anyone give me some clue what that error means?
>
> Some relevant lines from smb.conf:
>
> workgroup = MY
>
> password server = pdc-server.my.dom
> realm = MY.DOM
> security = ADS
> client schannel = no
> use spnego = Yes
> client use spnego = Yes
> use kerberos keytab = Yes
>
> encrypt passwords = yes
>
> wins server = <pdc-server.my.dom ip>
I appears that it's the workstation I try to connect from that is
significant, not the username. Some workstations work, some don't - with the
same username. The ones that work are not members of the domain, the ones
that don't are.
I also have
netbios name = SAMBASERVER
netbios aliases = OTHERNAME
in smb.conf.
What's even more curious is that on I can log on from the workstations that
don't work with \\SAMBASERVER\SHARE using \\OTHERNAME\SHARE. Even browsing
\\SAMBASERVER doesn't work, but \\OTHERNAME does. And on certain,
non-domain, workstations both work.
More information about the samba
mailing list