[Samba] AD with MS-DFS

Andrea Lindner-Lorenz lorenz at rz.rwth-aachen.de
Tue Jul 3 09:37:23 GMT 2007


we have installed three samba servers(3.0.25a). All are members in the 
same active directory domain (TESTAD). Now I try to set up a new samba 
server (Version 3.0.10-1.4E.12.2 , newest version for Sientific Linux 
4.4) in front of them which use ms-dfs to forward the request to the 
right samba server. This server is an AD member,too.

I find out, that I have to run winbind on the new samba server, because 
for every compute node inside the AD I have to create a unix user account.

Everything works if I try to connect to the new samba server from
a) a domain member
b) a member of a trusted domain. But I have to create a unix account for 
this member. Winbind does not create this account. Is it possible, that 
winbind create this account, too?
c) a compute node outside the domain with a account from a trusted domain

But it does not work from a compute node outside the domain with a 
account from the first AD Domain (TESTAD). I get the following error message
inside the smbd logs.

[2007/07/03 10:56:24, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
   Failed to verify incoming ticket!

How can I solve this problem?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5713 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.samba.org/archive/samba/attachments/20070703/68012fd8/smime.bin

More information about the samba mailing list