When a Windows client attempts to browse shares on a Samba 3.0 server authenticating against a Windows 2003 Active Directory domain, it requests credentials. Typing in user name and password fails. Basically, I can't see even see the shares.
If I give username/password for a user in smbpasswd, then I can browse the Samba server. Configuration info: ADS server: LICENSE ADS server IP: 192.168.254.201 ADS domain/realm: 3KINGSINC.LOCAL Windows Server 2003 Samba server: DATASERVER Samba server IP: 192.168.254.250 RedHat Linux 9, Samba 3.0.0, krb5 1.3.1 successfully joined this to ADS domain Client: TS Client IP: 192.168.254.202 Windows Server 2003 is a member server in ADS domain ----- Output of wbinfo -t: checking the trust secret via RPC calls failed error code was NT_STATUS_UNSUCCESSFUL (0xc0000001) Could not check secret ----- Output of klist: Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting Expires Service principal 11/12/03 14:18:01 11/13/03 00:18:05 krbtgt/[EMAIL PROTECTED] renew until 11/13/03 14:18:01 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached ----- Output of kinit [EMAIL PROTECTED] Password for [EMAIL PROTECTED]:<passwd> [EMAIL PROTECTED] samba]# ----- Output of kadmin: Authenticating as principal administrator/[EMAIL PROTECTED] with password. kadmin: Client not found in Kerberos database while initializing kadmin interface ----- Output of kadmin -p [EMAIL PROTECTED]: Authenticating as principal [EMAIL PROTECTED] with password. Password for [EMAIL PROTECTED]:<passwd> kadmin: Database error! Required KADM5 principal missing while initializing kadmin interface ----- Output of smbclient -L license -U Administrator Password:<passwd> Sharename Type Comment --------- ---- ------- E$ Disk Default share IPC$ IPC Remote IPC NETLOGON Disk Logon server share ADMIN$ Disk Remote Admin SYSVOL Disk Logon server share C$ Disk Default share Server Comment --------- ------- DATASERVER File Storage (BG Samba Server) LICENSE TS Workgroup Master --------- ------- 3 KINGS 3-I1FQNAK3OL85P 3KINGSINC LICENSE ----- Output of smbclient -L dataserver -U Administrator Password: session setup failed: NT_STATUS_NO_LOGON_SERVERS ----- Output of smbclient -k -L license [EMAIL PROTECTED] [2003/11/12 16:03:45, 0] libsmb/clientgen.c:cli_receive_smb(121) SMB Signature verification failed on incoming packet! session setup failed: Server packet had invalid SMB signature! ----- Interesting lines of /var/log/samba/log.192.168.254.202: [2003/11/12 14:00:24, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) Failed to verify incoming ticket! (message is repeated twice) ----- Interesting lines of /var/log/samba/log.winbindd: [2003/11/12 15:54:55, 1] libsmb/smb_signing.c:signing_good(227) signing_good: SMB signature check failed on seq 1! [2003/11/12 15:54:55, 0] libsmb/clientgen.c:cli_receive_smb(121) SMB Signature verification failed on incoming packet! ----- Interesting lines of /var/log/messages: Nov 12 15:52:43 dataserver winbindd[21960]: [2003/11/12 15:52:43, 0] libsmb/clientgen.c:cli_receive_smb(121) Nov 12 15:52:43 dataserver winbindd[21960]: SMB Signature verification failed on incoming packet! ----- Content of smb.conf: # Samba config file created using SWAT # from 127.0.0.1 (127.0.0.1) # Date: 2003/11/12 14:18:40 # Global parameters [global] workgroup = 3KINGSINC realm = 3KINGSINC.LOCAL server string = File Storage (BG Samba Server) security = ADS password server = license.3kingsinc.local log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add user script = /usr/sbin/useradd -d/home/%D/%U %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g dns proxy = No ldap ssl = no idmap uid = 10000-20000 idmap gid = 10000-20000 winbind use default domain = Yes [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No ----- Interesting lines of nsswitch.conf: passwd: files winbind shadow: files winbind group: files winbind hosts: files dns wins ----- Content of krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = 3KINGSINC.LOCAL dns_lookup_realm = false dns_lookup_kdc = false [realms] 3KINGSINC.LOCAL = { kdc = license.3kingsinc.local:88 admin_server = license.3kingsinc.local:749 default_domain = 3KINGSINC.LOCAL } [domain_realm] .3kingsinc.local = 3KINGSINC.LOCAL 3kingsinc.local = 3KINGSINC.LOCAL [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } ----- --Jon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba