I recently upgraded a backup fileserver used for testing purposes from samba-3.0.10 to the current samba-3.0.11 using the FreeBSD portupgrade. The fileserver is setup in a W2K AD. The fileserver uses Winbind to get AD accounts and shares are created on the Samba server. Worked fine until the upgrade. Here is a copy of the current smb.conf [global] unix charset = LOCALE workgroup = DOMAIN realm = DOMAIN.COM server string = Backup Server security = ADS hosts allow = IP Address. 127. log file = /var/log/samba/log.%m max log size = 50 log level = 5 syslog = 0 ldap ssl = no enable privileges = no # added this to test with new samba version. I have tried it with set to yes or left out. Same results. idmap uid = 10000-20000 idmap gid = 10000-20000 template primary group = "DOMAIN\Domain Users" template shell = /usr/local/bin/bash winbind use default domain = yes interfaces = IP Address/24 local master = no domain master = no preferred master = no admin users = "DOMAIN\Administrator" valid users = "DOMAIN\Domain Users" dos filemode = yes [homes] comment = Home Directories valid users = %S read only = no browseable = no [www] comment = web directories path = /home/username read only = no browseable = yes force user = username When I try to connect to the share www from a Windows machine in the domain, I get a standard can't connect error. When I try connecting by computer name \\COMPUTER , I am prompted for a username and password, none of which works. After turning on full logging, I receive the following errors in: Computer trying to connect logfile: [2005/02/08 08:28:21, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(201) ads_secrets_verify_ticket: enc type [16] failed to decrypt with error Message size is incompatible with encryption type [2005/02/08 08:28:21, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(201) ads_secrets_verify_ticket: enc type [5] failed to decrypt with error Decrypt integrity check failed [2005/02/08 08:28:21, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(201) ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed [2005/02/08 08:28:21, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(201) ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Decrypt integrity check failed [2005/02/08 08:28:21, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(201) ads_secrets_verify_ticket: enc type [2] failed to decrypt with error Decrypt integrity check failed [2005/02/08 08:28:21, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(201) ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Decrypt integrity check failed [2005/02/08 08:28:21, 3] libads/kerberos_verify.c:ads_verify_ticket(313) ads_verify_ticket: krb5_rd_req with auth failed (Unknown error: 0) [2005/02/08 08:28:21, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! [2005/02/08 08:28:21, 3] smbd/error.c:error_packet(105) error string = Invalid argument [2005/02/08 08:28:21, 3] smbd/error.c:error_packet(129) error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE Winbind Logfile: [2005/02/08 08:33:32, 5] nsswitch/winbindd_ads.c:trusted_domains(842) trusted_domains: Could not open a connection to DOMAIN for PIPE_NETLOGON (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)
Smbd Logfile: No listed errors. I can: -kinit [EMAIL PROTECTED] obtain a ticket -klist view ticket details -wbinfo -u enumerate users -wbinfo -g enumerate groups -wbinfo -r username get user groups -net ads leave -net ads join -U administrator All of the above give no errors at all. System specs: FreeBSD 5.2.1-RELEASE #0: heimdal-0.6.3_2 (configured with LDAP) samba-3.0.11,1 (configured with LDAP, ADS, WINBIND, ACL_SUPPORT and UTMP) openldap-client-2.2.23 If I try to chown on the Samba Server chown administrator or chown DOMAIN\administrator or if I try to chgrp a domain group, I get an invalid argument error, which is usually given when winbind is having problems. I could do this previously before the upgrade. When I do that the winbind log has the following errors: [2005/02/08 11:03:01, 5] nsswitch/winbindd_ads.c:trusted_domains(842) trusted_domains: Could not open a connection to DOMAIN for PIPE_NETLOGON (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) [2005/02/08 11:03:05, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261) [49820]: request interface version [2005/02/08 11:03:05, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297) [49820]: request location of privileged pipe [2005/02/08 11:03:05, 5] nsswitch/winbindd.c:winbind_client_read(477) read failed on sock 20, pid 49820: EOF [2005/02/08 11:03:05, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(126) [49820]: getpwnam administrator [2005/02/08 11:03:05, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161) user 'administrator' does not exist [2005/02/08 11:03:05, 5] nsswitch/winbindd.c:winbind_client_read(477) read failed on sock 21, pid 49820: EOF For the sake of argument, I tried this on another machine that was similarly configured. After the upgrade, the result was the same as the above. So is there are bug in the latest release or does it have to do with some of the new features in samba-3.0.11? Any help would be appreciated. Thanks, Mark Irving -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba