[Samba] inital access need some seconds - kerberos(?) error in log - 3.0.22-1 Debian

Steffen Kolbe kolbe at vwi.tu-dresden.de
Mon Jun 19 15:47:34 GMT 2006 

Systems:
- Win2003R2 Domain Controller
- Debian AMD64 with Samba 3.0.22-1 as ADS member; Users via nssldap / 
pam_krb5; MIT-Kerberos 1.4.3-7

On Win2003SP1 Terminalserver (ADS member, machine name: TS ; domain VW) 
with shares from Samba (see above) the access to these shares needs very 
often some seconds (sometime time out) for open folders/files. This 
occurs @ inital file/folder opening, sometime also if the file is opened 
- but it's working in general.


In Samba log I found:

[2006/06/19 16:52:01, 1] smbd/sesssetup.c:reply_spnego_kerberos(303)
  Username VW\TS$ is invalid on this system

Any ideas?

Steffen
-----------------------
my smb.conf:
[global]
        workgroup = VW
        realm = VW.xxxxxxxxx
        security = ADS
        log level = 1
        syslog = 0
        log file = /var/log/samba/log.%m
        socket options = TCP_NODELAY
        max log size = 1000
        os level = 20
        preferred master = No
        local master = No
        admin users = Administrator root
        hosts allow = xxxxxxxxxx
        interfaces = eth2:0
        bind interfaces only = yes
        netbios name = SMB
        server string = SMB - FILE SERVER
        hide files = /desktop.ini/
        csc policy = disable
        load printers = yes
        printing = cups
        printcap = cups

[printers]
        comment = all printers
        path = /var/spool/samba
        browsable = yes
        public = yes
        guest ok = yes
        writable = yes
        printable = yes
        printer admin = root, Administrator, XXXXXXXXXXXXX

[print$]
        comment = printer drivers
        path = /etc/samba/drivers
        browsable =yes
        guest ok = yes
        writable = yes
        write list = root, Administrator, xxxxxxxxxxxxxx

## shares
[home]
        comment = home directories all users (700)
        path = /home
        read only = No
        browseable = Yes
        create mask = 0700
        directory mask = 0711
        root preexec = /etc/samba/scripts/mk_samba_homedir -h "%u" "%g"
   .
   .

------------------------
my krb5.conf:
[libdefaults]
        default_realm = VW.XXXXXXXXX
        clockskew = 300
        dns_lookup_kdc = true
        default_keytab_name = FILE:/etc/krb5.keytab
        default_tgs_enctypes = des-cbc-md5 des-cbc-crc arcfour-hmac-md5
        default_tkt_enctypes = des-cbc-md5 des-cbc-crc arcfour-hmac-md5
        permitted_enctypes = des-cbc-md5 des-cbc-crc arcfour-hmac-md5
        kdc_timeout = 1500
        max_retries = 2
[domain_realm]
        vw.vkw.tu-dresden.de = VW.XXXXXXX
        .vw.vkw.tu-dresden.de = VW.XXXXXXX
[logging]
        default = FILE:/var/log/krb5libs.lo

More information about the samba mailing list