[Samba] spnego_kerberos(303) - Username Domain\Client$ is invalid

Steffen Kolbe kolbe1 at vwi.tu-dresden.de
Thu Jun 22 07:38:16 GMT 2006 

Can anybody tell me please, what isn't correct? What should I change in 
config?

/var/samba/log/log.XP-CLIENT-IP:

[2006/06/22 08:24:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(303)
 Username DOMAIN\XP-CLIENT-NAME$ is invalid on this system


all works in general, but the error above is listed in every 
/var/log/samba/log.CLIENT

Thanks
Steffen

---------------------------------------------

environment:
* Win2003R2 domain
  - ldap unix extensions used
* Samba 3.0.22 on Debian AMD64
  - ads member
  - MIT Kerberos 1.4.3-7
  - nss-ldap / pam-krb5
* XP SP2 clients

----------------------------------------------
/etc/samba/smb.conf
[global]
       workgroup = DOMAIN
       realm = FQDN
       netbios name = SMB
       server string = SMB - FILE SERVER
       interfaces = eth2:0
       bind interfaces only = Yes
       security = ADS
       log level = 1
       syslog = 0
       log file = /var/log/samba/log.%m
       max log size = 1000
       printcap name = cups
       preferred master = No
       local master = No
       ldap ssl = no
       admin users = Administrator, root
       hosts allow = XXXX
       printing = cups
       print command =
       lpq command = %p
       lprm command =
       hide files = /desktop.ini/
       csc policy = disable

[printers]
       comment = all printers
       path = /var/spool/samba
       printer admin = root, Administrator
       read only = No
       guest ok = Yes
       printable = Yes
       browseable = Yes
       public = Yes
       writeable = Yes

[print$]
       comment = printer drivers
       path = /etc/samba/drivers
       write list = root, Administrator
       writeable = Yes
       guest ok = Yes

[home]
       comment = home directories all users (700)
       path = /home
       read only = No
       create mask = 0700
       directory mask = 0711
       root preexec = /etc/samba/scripts/mk_samba_homedir -h "%u" "%g"

------------------------------------------------------------------
etc/krb5.conf
[libdefaults]
       default_realm = FQDN
       clockskew = 300
       dns_lookup_kdc = true
       default_keytab_name = FILE:/etc/krb5.keytab
       default_tgs_enctypes = des-cbc-md5 des-cbc-crc arcfour-hmac-md5
       default_tkt_enctypes = des-cbc-md5 des-cbc-crc arcfour-hmac-md5
       permitted_enctypes = des-cbc-md5 des-cbc-crc arcfour-hmac-md5

       kdc_timeout = 1500
       max_retries = 2

[domain_realm]
       fqdn = FQDN
       .fqdn = FQDN

[logging]
       default = FILE:/var/log/krb5libs.log

More information about the samba mailing list