[Samba] samba 3.5.7 tries to authenticate on ADS by machine name, not username
Geoff Winkless
samba at geoff.dj
Sun Mar 6 03:42:58 MST 2011
On 03/03/2011 09:55, Geoff Winkless wrote:
> everything works fine, which suggests that XP is defaulting to sending
> the "wrong" information.
>
> Upping the debug level does confirm that XP doesn't send the username
> in the authentication packets. Is there some machine-trust mechanism
> that XP is trying to make use of that samba doesn't understand? Should
> samba be returning "I don't understand that, what's your username??"
> to the XP client, rather than trying to read the machine name as a
> username?
More info... the box is also having trouble with ssh client - unless I
disable gssapi auth in the ssh_config it sits and times out when
connecting from the box to another; AIUI this points squarely at
kerberos as the culprit.
Now I upgraded this server from an old redhat 9 installation that was
working fine with identical samba config; is it possible there's some
weirdness going on with out-of-date tickets in the DC? I'm afraid I've
very little understanding of how kerberos functions :(
Any help would be really appreciated, I've tried about everything I can
here.
Geoff
More information about the samba
mailing list