Hi,

As Cedric suggested (thank you very much, man !!), I've downgraded my Samba from 3.0.1 to 3.0.0 and it worked !! There's no more "password asking" window and no more Kerberos ticket errors.
Now I'm facing a new, weird problem: my users can't print (I've installed CUPS to manage the Deskjet 840c); they receive an "access denied - unable to connect" error message when they try to print.

From the Samba server box I can print using cat <somefile> > /dev/lp0. I've tried to change permissions, 777-ing both the printer spool directory and /dev/lp0. The computer sharing options are: writable=yes, guest ok = yes, browseable = yes... etc.

What is missing?? Is there any config I'm forgetting?

Thanks in advance,

Lindolfo Rodrigues

---------- Original header -----------
From: Cedric Puddy <[EMAIL PROTECTED]>
To: samba_list <[EMAIL PROTECTED]>
Cc: samba <[EMAIL PROTECTED]>
Date: Tue, 6 Jan 2004 19:42:27 -0500 (EST)
Subject: Re: [Samba] Samba + Active Directory

> On Tue, 6 Jan 2004, samba_list wrote:
>
> > Hi,
> >
> > I'm having much trouble on configuring Samba to work on an Active
> > Directory environment.
> >
> > Using getent password I'm able to see AD's users. wbinfo -u and wbinfo -g
> > also work fine.
> >
> > When someone from Windows tries to access my Samba server, the smd
> > password window is shown (I think that the authentication would be
> > transparent, wouldn't it?), any password I provide is rejected: I tried
> > AD users using either the plain username and the DOMAIN\username form.
> > I tried also using my root password, without any success.
> >
> > The logs are saying:
> > [2004/01/05 18:42:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
> >   Failed to verify incoming ticket!
> > [2004/01/05 18:42:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
> >   Failed to verify incoming ticket!
> >
> > Is there any special configuration I have to do on Active Directory to
> > make AD authentication available to Samba?
>
> Almost certainly, you are running version 3.0.1, which as best
> I've been able to determine breaks kerberos ticket handling
> in the case of a Win2k/XP box trying to access SAMBA.
>
> I've reported the problem to the list, and several others have
> as well in recent times, but as yet, I haven't noticed a clear
> answer as to what is broken. One fellow said that he was
> testing 3.0.1 with the libads code changes reverted to 3.0.0, but
> I don't believe he's reported back yet. (I'd be *very* interested
> in beta testing that! :)
>
> What works for me is going back to version 3.0.0.
> The reason that's not good for me is because I have
> a whole bunch of existing unix users that I want to
> map properly to existing windows users of the same
> names, and 3.0.1 is supposed to do that automatically.
> If that's not a concern for you, then you might not
> have any reason to care which version you are running.
>
> I'm using the redhat RPMS, and doing this sequence
> successfully downgrades me from 3.0.1 -> 3.0.0:
>
>   <ensure that you have an admin ticket with
>    kinit, if you do the net ads leave/join
>    bits...>
>   net ads leave
>   cp /etc/samba/smb.conf /etc/samba/smb.conf.bak
>   /etc/rc.d/init.d/smb stop
>   /etc/rc.d/init.d/winbind stop
>   rpm -Uvh --force /usr/src/rpms/samba-3.0.0-2_rh9.i386.rpm
>   cp /etc/samba/smb.conf.bak /etc/samba/smb.conf
>   /etc/rc.d/init.d/smb start
>   /etc/rc.d/init.d/winbind start
>   net ads join
>
> The above process assumes that you've got the rpm file
> downloaded in /usr/src/rpms, that you have the right
> rpms for your system (in my case, rh9), and guarantees that
> your smb.conf file doesn't get accidentally wiped out.
>
> I don't believe that the "net ads leave/join" part is
> strictly necessary. I've just been doing it whenever I
> upgrade/downgrade out of pedantry. My understanding
> is that it shouldn't be necessary, because the shared
> secrets/etc should be stored in the Samba TDB databases
> somewhere...
>
> In my case, simply changing to 3.0.0 immediately makes
> everything work, and going to 3.0.1 immediately makes
> everything break.
>
> If you want further confirmation that you are having
> the same problem I am, increase the logging level to
> something like 5, and look for "unknown key table type"
> errors shortly before the "Failed to verify ticket"
> error in your /var/log/samba/log.<workstation> file
> (assuming that you put your logs in the default linux
> location :)
>
> I hope that helps,
>
> Best Regards,
>
> -Cedric Puddy
>
> > I've already installed PAM and followed all instructions at samba.org,
> > but is not working.
> >
> > Could someone please help me?
> >
> > Thanks in advance,
> >
> > Lindolfo
> >
> > P.S.: I've already checked both servers' time, they are synchronized.
> >
> >
> > --
> -
> | CCj/ClearLine - Unix/NT Administration and TCP/IP Network Services
> | 118 Louisa Street, Kitchener, Ontario, N2H 5M3, 519-741-2157
> \____________________________________________________________________
> Cedric Puddy, IS Director [EMAIL PROTECTED]
> PGP Key Available at: http://www.thinkers.org/cedric
>
>

--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
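
The log check described in the quoted reply (an "unknown key table type" error shortly before "Failed to verify incoming ticket!"), as an added example that is not part of the original thread. The entry layout follows the two log entries quoted above; the sample log, its placeholder source name and the 5-second window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# A log entry is a bracketed header line followed by indented message text,
# as in the two entries quoted in the thread.
HEADER = re.compile(r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}), +(\d+)\] (\S+)")

def parse_entries(text):
    """Return a list of (timestamp, level, source, message) tuples."""
    entries, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            current = [ts, int(m.group(2)), m.group(3), ""]
            entries.append(current)
        elif current is not None and line.strip():
            # Continuation lines belong to the most recent header.
            current[3] = (current[3] + " " + line.strip()).strip()
    return [tuple(e) for e in entries]

def find_keytab_ticket_failures(text, window_seconds=5):
    """Return timestamps of ticket-verification failures that follow an
    'unknown key table type' message within window_seconds (assumed window)."""
    window = timedelta(seconds=window_seconds)
    last_keytab_error = None
    hits = []
    for ts, _level, _source, message in parse_entries(text):
        lowered = message.lower()
        if "unknown key table type" in lowered:
            last_keytab_error = ts
        elif "failed to verify incoming ticket" in lowered:
            if (last_keytab_error is not None
                    and timedelta(0) <= ts - last_keytab_error <= window):
                hits.append(ts)
    return hits

# Constructed sample: the first entry's source name and wording are
# placeholders, not real Samba output; the other two mirror the quoted log.
SAMPLE_LOG = """\
[2004/01/05 18:42:30, 5] example/placeholder.c:constructed(0)
  unknown key table type
[2004/01/05 18:42:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
  Failed to verify incoming ticket!
[2004/01/05 18:50:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
  Failed to verify incoming ticket!
"""

if __name__ == "__main__":
    for hit in find_keytab_ticket_failures(SAMPLE_LOG):
        print("ticket failure preceded by key table error at", hit)
```

Only the first failure is reported: the second has no key table error within the window, so it may have a different cause.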
