I was runing a sniffer on the Solaris host and on the windows kdc server and I found out the samba server doesn't initiate any connection to the windows kdc server when the windows client is trying to browse the samba shares. I would expect that it will consult the windows kdc server. Am I wrong in my assumption?
Thanks, Moshe -----Original Message----- From: Moshe Shaham [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 2:50 PM To: 'RRuegner'; Moshe Shaham Cc: '[EMAIL PROTECTED]' Subject: RE: [Samba] failing to browse unix shares with samba 3.0.2a It set up as security=ads This is my smb.conf: netbios name = shark workgroup = MYDOMAINNAME realm = MYDOMAINNAME server string = Samba Server log file = /opt/samba3.0/var/log.%m log level = 5 max log size = 50 security = ads local master = no os level = 0 domain master = no preferred master = no wins support = no wins server = 10.70.130.2, 10.80.20.4 dns proxy = no password server = mywindows2003kdc encrypt passwords = yes idmap uid = 10000-20000 idmap gid = 10000-20000 template homedir = /home/%D/%U template shell = /bin/bash winbind separator = + Thanks, Moshe -----Original Message----- From: RRuegner [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 1:05 PM To: Moshe Shaham Cc: '[EMAIL PROTECTED]' Subject: Re: [Samba] failing to browse unix shares with samba 3.0.2a Moshe Shaham schrieb: > We upgraded our Solaris 9 samba server to version 3.0.2a and configured > Kerberos MIT 1.3.2. > I was able to run kinit and join samba to our windows 2003 domain as a > domain member, but when I am trying to browse the samba shares from a > windows XP machine it is failing. When I am looking at the samba logs this > is what I am getting: > [2004/03/30 11:15:26, 3] libads/kerberos_verify.c:ads_verify_ticket(323) > ads_verify_ticket: enc type [3] failed to decrypt with error Decrypt > integrity check failed > [2004/03/30 11:15:26, 3] libads/kerberos_verify.c:ads_verify_ticket(330) > ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) > [2004/03/30 11:15:26, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) > Failed to verify incoming ticket! > [2004/03/30 11:15:26, 3] smbd/error.c:error_packet(94) > error string = No such file or directory > [2004/03/30 11:15:26, 3] smbd/error.c:error_packet(118) > error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX) > NT_STATUS_LOGON_FAILURE > > I was trying to run smbclient -k '\\machine\share' and it failed. After > initiating the kinit command I was then able to run the smbclient -k > command. Accessing the shares from a windows box is still failing. > > I am little confused, do I need to create a Kerberos database in the samba > server and manage the users tickets? My understanding is that I am > authenticating against windows 2003 Kerberos database. > > Thanks, > Moshe > where is your smb.conf, this looks like that you dont set security = user -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
