[Samba] w2k ADS + Samba ADS Member, quirky browse mode
Jesse Guardiani
jesse at wingnet.net
Thu Mar 30 17:35:07 GMT 2006
Hello,
I'm seeing an odd quirk running samba 3.0.21c & winbind
with kerberos 1.3.4 joining a windows 2000 ADS domain
on RHEL3.
The Samba server's hostname is "staging".
I run:
/usr/kerberos/bin/kinit Administrator at DOMAIN.COM
net ads join
Then I start up winbind and smb. winbind works prefectly.
I can log in as a domain user from via sshd/PAM, and the
usual:
getent passwd
getent group
Shows my domain users and groups just fine. In addition,
I can see a machine named "staging" in my PDC's Computer
list.
From a Windows XP domain member on the network, I can
see a server named "Staging" in my network places
browse list. But if I click it I can't log in, and I
see this in /var/log/samba/my.ip.goes.here.log:
[2006/03/30 12:13:24, 2] smbd/sesssetup.c:setup_new_vc_session(772)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2006/03/30 12:13:24, 1] smbd/sesssetup.c:reply_spnego_kerberos(197)
Failed to verify incoming ticket!
HOWEVER, if I attempt to access the samba machine
directly using this URL syntax:
\\staging.domain.com
Then it works fine. It would appear that samba/kerberos
doesn't want to respond to just:
\\staging
Is this a bug, or an error in my config?
I'll be happy to provide more config info if needed.
Any ideas?
More information about the samba
mailing list