| When a Windows client attempts to browse shares on a Samba 3.0 server | authenticating against a Windows 2003 Active Directory domain, it | requests credentials. Typing in user name and password fails
I am having this exact same issue. Attached is a sample copy of my smb.conf and krb5.conf along with some errors I got from the smbd logs (max debug level). smb.conf ---- [global] server string = Samba 3.0.0 workgroup = DOMAIN hosts allow = 192.168.3. 127. security = ADS realm = DOMAIN.COM client use spnego = yes password server = ads.domain.com socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no domain master = no preferred master = no domain logons = no name resolve order = host dns proxy = yes [test] comment = Test Share path = /home/user/test read only = no browsable = yes writable = yes guest ok = yes krb5.conf ---- [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = DOMAIN.COM dns_lookup_realm = false dns_lookup_kdc = false [realms] MATCHNET.COM = { kdc = ads.domain.com:88 admin_server = ads.domain.com:749 default_domain = domain.com } [domain_realm] .domain.com = DOMAIN.COM domain.com = DOMAIN.COM [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } smb log snippet ---- [2003/11/12 17:54:31, 10] passdb/secrets.c:secrets_named_mutex(697) secrets_named_mutex: got mutex for replay cache mutex [2003/11/12 17:54:31, 10] libads/kerberos_verify.c:ads_verify_ticket(310) ads_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type [2003/11/12 17:54:31, 3] libads/kerberos_verify.c:ads_verify_ticket(310) ads_verify_ticket: enc type [3] failed to decrypt with error Decrypt integrity check failed [2003/11/12 17:54:31, 10] libads/kerberos_verify.c:ads_verify_ticket(310) ads_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type [2003/11/12 17:54:31, 10] passdb/secrets.c:secrets_named_mutex_release(709) secrets_named_mutex: released mutex for replay cache mutex [2003/11/12 17:54:31, 3] libads/kerberos_verify.c:ads_verify_ticket(317) ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) [2003/11/12 17:54:31, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) Failed to verify incoming ticket! [2003/11/12 17:54:31, 3] smbd/error.c:error_packet(94) error string = No such file or directory [2003/11/12 17:54:31, 3] smbd/error.c:error_packet(113) error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE Anyone run into this as well? Thanks, Brian -----Original Message----- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Thursday, November 13, 2003 8:49 AM To: Jonathan Johnson Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Client accessing Samba doesn't authenticate against Active Directory -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jonathan Johnson wrote: | When a Windows client attempts to browse shares on a Samba 3.0 server | authenticating against a Windows 2003 Active Directory domain, it | requests credentials. Typing in user name and password fails Looks like you don't have the MIT krb5 1.3.1 libs or the latest version of Heimdal (don't remembe which version you need...cvs development snapshot maybe). | Output of smbclient -k -L license [EMAIL PROTECTED] | [2003/11/12 16:03:45, 0] libsmb/clientgen.c:cli_receive_smb(121) | SMB Signature verification failed on incoming packet! | session setup failed: Server packet had invalid SMB signature! ... | ----- | Interesting lines of /var/log/samba/log.192.168.254.202: | | [2003/11/12 14:00:24, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) | Failed to verify incoming ticket! | (message is repeated twice) | cheers, jerry - -- ~ ---------------------------------------------------------------------- ~ Hewlett-Packard ------------------------- http://www.hp.com ~ SAMBA Team ---------------------- http://www.samba.org ~ GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc ~ "If we're adding to the noise, turn off this song" --Switchfoot (2003) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/s7YNIR7qMdg1EfYRAre8AJ4tW64CC2OTjxDD/zaU7k+HFcPungCfdZmC RLnMHyR095uIzJ48yg5EQ2Y= =4M/D -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba