[Samba] Re: samba-3.0.10-1.4E (RHEL4): logon failures with 2003 server pdc

Ville Herva vherva at ENIGMA.viasys.com
Tue Oct 18 15:01:08 GMT 2005

On Tue, Oct 18, 2005 at 04:43:12PM +0300, you [Ville Herva] wrote:
> I recently set up a new RHEL4 server with samba-3.0.10 in a Windows 2003
> server PDC domain.
> I can log on as one user from different workstations on to the new samba
> server. With several other users, I get this error:
> Oct 18 16:41:34 samba-server smbd[2502]:   krb5_rd_req(CIFS/samba-server at MY.DOM) failed: Wrong principal in request 
> Oct 18 16:41:34 samba-server smbd[2502]: [2005/10/18 16:41:34, 0] libads/kerberos_verify.c:ads_keytab_verify_ticket(113) 
> [2005/10/18 16:41:42, 0] libads/kerberos_verify.c:ads_keytab_verify_ticket(113) krb5_rd_req(CIFS/SAMBA_SERVER.my.dom at MY.DOM) failed: Wrong principal in request
> The users are able to log on to other servers just fine and should have all
> the needed permissions to log on to the share.
> Can anyone give me some clue what that error means?
> Some relevant lines from smb.conf:
>    workgroup = MY
>    password server = pdc-server.my.dom
>    realm = MY.DOM
>    security = ADS
>    client schannel = no
>    use spnego = Yes
>    client use spnego = Yes
>    use kerberos keytab = Yes
>   encrypt passwords = yes
>    wins server = <pdc-server.my.dom ip>

I appears that it's the workstation I try to connect from that is
significant, not the username. Some workstations work, some don't - with the
same username. The ones that work are not members of the domain, the ones
that don't are.

I also have 

   netbios name = SAMBASERVER
   netbios aliases = OTHERNAME

in smb.conf.

What's even more curious is that on I can log on from the workstations that
don't work with \\SAMBASERVER\SHARE using \\OTHERNAME\SHARE. Even browsing
\\SAMBASERVER doesn't work, but \\OTHERNAME does. And on certain,
non-domain, workstations both work.

More information about the samba mailing list