I got the same problem, but I recompiled Samba using the latest kerberos for MIT (1.3) and that works.
/Patrik
Norris, Brent wrote:
Ok I changed my samba entries in pam.d and now I get a login box, but I still cannot login. Here is what the log file for my machine shows now:
[2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175) Failed to verify incoming ticket! [2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175) Failed to verify incoming ticket! [2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175) Failed to verify incoming ticket! [2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175) Failed to verify incoming ticket! [2003/06/19 09:34:03, 1] smbd/sesssetup.c:reply_spnego_kerberos(221) Username bnorris is invalid on this system
Anyone got any ideas?
Well, I have the same exact problem as you. I have everything setup right so that wbinfo pulls all information fine. I can Kerberos too. But, can't login from the network. I thought it was PAM, but no for me either. I've posted about this a couple of times, to no avail. Hope someone answers yours!
-----Original Message-----
From: Norris, Brent [mailto:[EMAIL PROTECTED] Sent: Thursday, June 19, 2003 10:14 AM
To: Chip Bell
Subject: RE: [Samba] Setting up 3.0 to authenticate to AD
Sounds like you set up winbind..did you do pam?I was under the impression from the documentation that pam only needed to be changed if you wanted to be able to use the accounts to login as far as telnet, ssh, ftp type stuff. It states that winbindd and samba should be working together and that they /etc/pam.d/samba didn't need changing. Though mine looks like this:
auth required pam_nologin.so auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth session required pam_stack.so service=system-auth password required pam_stack.so service=system-auth
While the doc's only has the two lines:
auth required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_stack.so service=system-auth
I wasn't attempting to change it though since that is what the samba rpm put in there. Perhaps I should change it to look like the one in the docs??
Brent
<------ output from testparm ----->
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[public]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions
# Global parameters [global] workgroup = STU realm = STU.EDMONSON.K12.KY.US server string = Linux File Server security = ADS log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No wins server = 10.76.16.50 winbind separator = + winbind use default domain = Yes
[homes] comment = Home Directories read only = No browseable = No
[printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No
[public] comment = Public Stuff path = /home/samba write list = bnorris guest ok = Yes
-- "In a world without fences who needs Gates" Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.sweden Mobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 --------------------------------------------------------------
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
