[Samba] Server 2008 and Samba 3.0.25b

Alainna C. White alainna at pha.jhu.edu
Thu Mar 19 15:11:18 GMT 2009

Hi Folks -

I'm experiencing a very strange problem with Server 2008 machines (for 
all intents and purposes related to Samba, it's Vista) connecting to a 
Samba Server.  The Samba machine is a RHEL4.6 machine running Samba 
3.0.25b.  I am joined to the mixed mode AD domain via the command "net 
rpc join -U administrator <domain>".  I am not using winbind or 
kerberos.  Or at least, I am not trying to.  The smb.conf file is at the 
bottom of this email.  I've removed things like disallowed users from 
the file to keep it brief.

I have another samba machine with the very same OS and release, and it 
works fine. 

When I try to connect to the Samba machine from the 2k8 machine using 
the UNC path, I get a "network path not found" message.  Oddly, if I use 
'\\ipaddress' it works just fine.

I used Wireshark to look at the packets, and there is one glaring 
difference between the working samba install and the non-working samba 
install: in the Session Setup andX Request packet  (under the "security 
blob") that the client sends to the samba server,  the working one lists 
one mechtype: NTLMSSP.  The non-working one lists three mechtypes: MS 
KRB5, KRB5, NTLMSSP, in that order.  The non-working one has a krb5 
ticket further down in the packet.

Samba logs show an error:
Failed to parse NTLMSSP packet, could not extract NTLMSSP command
[2009/03/18 10:39:36, 1] libsmb/ntlmssp.c:ntlmssp_update(327)

I don't think it should be able to parse the NTLMSSP packet, since it 
isn't an NTLMSSP packet.  It's a KRB5 ticket.  At least, to the best 
that I can understand.

I have tried copying the working SMB.CONF file to the non-working host, 
and that didn't help at all.

To me it seems like the client is requesting KRB5 authentication.  I'm 
not good enough with network packets to see if the server requested that 
type of session, but as far as I can tell it did not. 

Any help would be greatly appreciated. 



hosts allow = xxx.xxx.xxx.
workgroup = dss
security = domain
password server = *
encrypt passwords = yes
wins support = no
debug level = 1
guest ok = no
inherit permissions = yes
username map = /etc/samba/smbusers

Alainna C. White
Johns Hopkins University 
Physics & Astronomy, 3701 San Martin Drive, Baltimore MD  21218 
Voice: 410 516 4536 | Email: alainna at pha.jhu.edu
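
The mechType comparison described in this message can be reproduced outside Wireshark. The following is an added example, not part of the original post or of Samba's code: a minimal Python DER walker that lists the SPNEGO mechTypes in a security blob, run over two constructed blobs (mechTypes only, no Kerberos ticket) that mirror the one-mechanism and three-mechanism cases.

```python
MECH_NAMES = {
    "1.2.840.48018.1.2.2": "MS KRB5",
    "1.2.840.113554.1.2.2": "KRB5",
    "1.3.6.1.4.1.311.2.2.10": "NTLMSSP",
}

def read_tlv(buf, off, want):
    """Parse the DER element at buf[off]; return (value, next_offset)."""
    tag, length = buf[off:off + 2]  # ValueError if fewer than 2 bytes remain
    off += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if tag != want or off + length > len(buf):
        raise ValueError(f"unexpected or truncated element, tag {tag:#x}")
    return buf[off:off + length], off + length

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends the current arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def offered_mechs(blob):
    token, _ = read_tlv(blob, 0, 0x60)       # GSS-API initial context token
    oid, off = read_tlv(token, 0, 0x06)
    if decode_oid(oid) != "1.3.6.1.5.5.2":   # SPNEGO
        raise ValueError("not a SPNEGO token")
    body, _ = read_tlv(token, off, 0xA0)     # NegTokenInit
    for tag in (0x30, 0xA0, 0x30):           # SEQUENCE, [0] mechTypes, MechTypeList
        body, _ = read_tlv(body, 0, tag)
    oids, off = [], 0
    while off < len(body):
        oid, off = read_tlv(body, off, 0x06)
        oids.append(decode_oid(oid))
    return [MECH_NAMES.get(o, o) for o in oids]  # client's order of preference

# Constructed sample blobs (mechTypes only, no mechToken); not captured traffic.
def tlv(tag, body):
    return bytes([tag, len(body)]) + body
def sample_blob(*oids_hex):
    mechs = tlv(0x30, b"".join(tlv(0x06, bytes.fromhex(h)) for h in oids_hex))
    inner = tlv(0xA0, tlv(0x30, tlv(0xA0, mechs)))
    return tlv(0x60, tlv(0x06, bytes.fromhex("2b0601050502")) + inner)
WORKING = sample_blob("2b06010401823702020a")
FAILING = sample_blob("2a864882f712010202", "2a864886f712010202", "2b06010401823702020a")
```

On a real capture, the input is the raw bytes of the Security Blob field from the Session Setup AndX request.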
