[Samba] Re: samba-3.0.10-1.4E (RHEL4): logon failures with 2003
server pdc
Sanjay Upadhyay
glowfriend at gmail.com
Wed Oct 19 04:24:36 GMT 2005
Check the DNS entries.. in case the AD is configured with the DNS,
enter the correct entries for the linux boxes and check...
regards
On 10/18/05, Ville Herva <vherva at enigma.viasys.com> wrote:
> On Tue, Oct 18, 2005 at 04:43:12PM +0300, you [Ville Herva] wrote:
> > I recently set up a new RHEL4 server with samba-3.0.10 in a Windows 2003
> > server PDC domain.
> >
> > I can log on as one user from different workstations on to the new samba
> > server. With several other users, I get this error:
> >
> > Oct 18 16:41:34 samba-server smbd[2502]: krb5_rd_req(CIFS/samba-server at MY.DOM) failed: Wrong principal in request
> > Oct 18 16:41:34 samba-server smbd[2502]: [2005/10/18 16:41:34, 0] libads/kerberos_verify.c:ads_keytab_verify_ticket(113)
> >
> > [2005/10/18 16:41:42, 0] libads/kerberos_verify.c:ads_keytab_verify_ticket(113) krb5_rd_req(CIFS/SAMBA_SERVER.my.dom at MY.DOM) failed: Wrong principal in request
> >
> > The users are able to log on to other servers just fine and should have all
> > the needed permissions to log on to the share.
> >
> > Can anyone give me some clue what that error means?
> >
> > Some relevant lines from smb.conf:
> >
> > workgroup = MY
> >
> > password server = pdc-server.my.dom
> > realm = MY.DOM
> > security = ADS
> > client schannel = no
> > use spnego = Yes
> > client use spnego = Yes
> > use kerberos keytab = Yes
> >
> > encrypt passwords = yes
> >
> > wins server = <pdc-server.my.dom ip>
>
> I appears that it's the workstation I try to connect from that is
> significant, not the username. Some workstations work, some don't - with the
> same username. The ones that work are not members of the domain, the ones
> that don't are.
>
> I also have
>
> netbios name = SAMBASERVER
> netbios aliases = OTHERNAME
>
> in smb.conf.
>
> What's even more curious is that on I can log on from the workstations that
> don't work with \\SAMBASERVER\SHARE using \\OTHERNAME\SHARE. Even browsing
> \\SAMBASERVER doesn't work, but \\OTHERNAME does. And on certain,
> non-domain, workstations both work.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list