Hi There's a lot of this all over the web but there doesn't seem to be much in the way of in-depth investigation.
I have a RHEL5.3 server on which I've installed samba 3.5.7 from http://ftp.sernet.de/pub/samba/3.5/rhel/5/i386/ It's set up with identical kdc.conf and smb.conf files to a server I set up on the same network last week which is working flawlessly. I can log on to the shares as long as I use \\192.168.x.x\share but if I use \\netbiosname\share I get "extended error" from XP. Now the various suggestions from the web are that when you log in using the IP it authenticates using ntlmssp but using the name it authenticates using kerberos. So just to make sure, I'll check kerberos auth: /etc/samba wbinfo -K geoff.winkless Enter geoff.winkless's password: plaintext kerberos password authentication for [geoff.winkless] succeeded (requesting cctype: FILE) credentials were put in: FILE:/tmp/krb5cc_0 Kerberos seems fine... log.smbd suggests that the system is trying to authenticate with the client machine name as the username (wtf?). Here's the section from the log when I try to log in (domain name is replaced with XXXX, server is guava, client is XXXX-001119): [2011/03/03 08:20:09.107028, 3] smbd/oplock.c:895(init_oplocks) init_oplocks: initializing messages. [2011/03/03 08:20:09.108415, 3] smbd/oplock_linux.c:224(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2011/03/03 08:20:09.109092, 3] smbd/process.c:1485(process_smb) Transaction 0 of length 72 (0 toread) [2011/03/03 08:20:09.109241, 2] smbd/reply.c:554(reply_special) netbios connect: name1=GUAVA 0x20 name2=XXXX-001119 0x0 [2011/03/03 08:20:09.109419, 2] smbd/reply.c:565(reply_special) netbios connect: local=guava remote=XXXX-001119, name type = 0 [2011/03/03 08:20:09.111109, 3] smbd/process.c:1485(process_smb) Transaction 0 of length 137 (0 toread) [2011/03/03 08:20:09.111223, 3] smbd/process.c:1294(switch_message) switch message SMBnegprot (pid 2815) conn 0x0 [2011/03/03 08:20:09.111309, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/03/03 08:20:09.111326, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2011/03/03 08:20:09.111342, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [LANMAN1.0] [2011/03/03 08:20:09.111355, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [Windows for Workgroups 3.1a] [2011/03/03 08:20:09.111366, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [LM1.2X002] [2011/03/03 08:20:09.111376, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [LANMAN2.1] [2011/03/03 08:20:09.111587, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [NT LM 0.12] [2011/03/03 08:20:09.113207, 3] smbd/negprot.c:404(reply_nt1) using SPNEGO [2011/03/03 08:20:09.113298, 3] smbd/negprot.c:691(reply_negprot) Selected protocol NT LM 0.12 [2011/03/03 08:20:09.114628, 3] smbd/process.c:1485(process_smb) Transaction 1 of length 1428 (0 toread) [2011/03/03 08:20:09.115007, 3] smbd/process.c:1294(switch_message) switch message SMBsesssetupX (pid 2815) conn 0x0 [2011/03/03 08:20:09.115062, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/03/03 08:20:09.115169, 3] smbd/sesssetup.c:1436(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2011/03/03 08:20:09.115249, 2] smbd/sesssetup.c:1391(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2011/03/03 08:20:09.115314, 3] smbd/sesssetup.c:1190(reply_sesssetup_and_X_spnego) Doing spnego session setup [2011/03/03 08:20:09.115380, 3] smbd/sesssetup.c:1232(reply_sesssetup_and_X_spnego) NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2011/03/03 08:20:09.115489, 3] smbd/sesssetup.c:806(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 1197 [2011/03/03 08:20:09.127334, 3] libads/authdata.c:304(decode_pac_data) Found account name from PAC: XXXX-001119$ [XXXX-001119$] [2011/03/03 08:20:09.127570, 3] smbd/sesssetup.c:338(reply_spnego_kerberos) Ticket name is [[email protected]] [2011/03/03 08:20:09.146847, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/03/03 08:20:09.146977, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/03/03 08:20:09.147045, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/03/03 08:20:09.148006, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/03/03 08:20:09.148144, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-644159478-2111868696-1206633297-1475] [2011/03/03 08:20:09.148527, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-644159478-2111868696-1206633297-515] [2011/03/03 08:20:09.148531, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2011/03/03 08:20:09.148818, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-11] [2011/03/03 08:20:09.149000, 3] smbd/password.c:282(register_existing_vuid) register_existing_vuid: User name: XXXX+XXXX-001119$ Real name: XXXX-001119$ Why is samba trying to authenticate by machine name? Thanks! Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
