On Thu, 2006-02-23 at 13:16 -0800, Richard Verdugo wrote: > Hi, > I'm using FC3 with samba 3.0 trying to be part of a Windows 2000 AD. > When I try to access a samba share it gives me: Logon Failure: The target > account name is incorrect >
This error happens when the target server cannot decrypt the service ticket presented to it. > > The Active Directory domain for our small inhouse private network is > MBB.COM, we have our own nameservers that list the samba server in our > company domain, which is epublishers.com. So to reach the samba server we > would go to sambaserver.epublishers.com for example. > > Does this look right, or is it possible that the 2 different domain names > are somehow causing a conflict? > In most cases, this is because you have a server in the client's realm with a servicePrincipalName attribute (e.g. host/server) matching that of the "true" destination service in another realm. When the client asks for a service ticket to host/server, they end up with a service ticket to the service account in the client realm, not the remote realm. See the kerberos troubleshooting whitepaper at http://www.microsoft.com/kerberos for more details on this error, and how to remedy it. Generically speaking, this can be solved by either: 1) accessing the remote server by its FQDN (e.g. net use * \ \server.sambaserver.epublishers.com) (I'm assuming you're accessing the service via the NETBIOS name). 2) Checking for a matching service account in the client realm, and deleting it (or renaming it). > thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
