[Samba] Logon Failure: The target account name is incorrect
tstecher at isilon.com
Wed Mar 1 21:55:22 GMT 2006
On Thu, 2006-02-23 at 13:16 -0800, Richard Verdugo wrote:
> I'm using FC3 with samba 3.0 trying to be part of a Windows 2000 AD.
> When I try to access a samba share it gives me: Logon Failure: The target
> account name is incorrect
This error happens when the target server cannot decrypt the service
ticket presented to it.
> The Active Directory domain for our small inhouse private network is
> MBB.COM, we have our own nameservers that list the samba server in our
> company domain, which is epublishers.com. So to reach the samba server we
> would go to sambaserver.epublishers.com for example.
> Does this look right, or is it possible that the 2 different domain names
> are somehow causing a conflict?
In most cases, this is because you have a server in the client's realm
with a servicePrincipalName attribute (e.g. host/server) matching that
of the "true" destination service in another realm.
When the client asks for a service ticket to host/server, they end up
with a service ticket to the service account in the client realm, not
the remote realm. See the kerberos troubleshooting whitepaper at
http://www.microsoft.com/kerberos for more details on this error, and
how to remedy it.
Generically speaking, this can be solved by either:
1) accessing the remote server by its FQDN (e.g. net use * \
\server.sambaserver.epublishers.com) (I'm assuming you're accessing the
service via the NETBIOS name).
2) Checking for a matching service account in the client realm, and
deleting it (or renaming it).
> thank you.
More information about the samba