I'm in the process of opening a case with Sun support as well, but thought I'd 
post here to see if I get a quicker / different response.

I'm running SaMBa 3.025 - bundled in Solaris 10 U4 in a container.
The container has a primary dns name as well as 2 aliases.

I configure the /etc/krb5/krb5.conf file and test via the kinit command.  The 
test is successful.

I configure the /etc/sfw/smb.conf file and test using the net ads join -U 
adminuser command.  The test is successful as the box joins the active 
directory structure.

I then attempt to map to a home directory share, and get prompted for 
credentials.   The log file in /var/samba/log is named after the PC client's IP 
address.  It continuously spews the following message over and over again.

[2007/09/18 11:28:56, 1] smbd/sesssetup.c:(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!

However, if I attempt to access the home directory share using one of the 
aliases or the IP address of the container, the explorer window with the mapped 
directory opens up immediately, showing the home directory contents, and the 
mapped share is writeable as expected.

The samba service opens the log file named after the client PC's IP address, 
but doesn't put anything in it.  It then opens up a log file named after the 
client PC's netbios name, and writes a successful connection message.

[2007/09/17 20:42:06, 1] smbd/service.c:(1033)
  pcnbname (ip.ad.dre.ss) connect to service homedir initially as user aduserid 
(uid=4321, gid=4321) (pid 11592)

The only time we can't access the shares is when we use the primary DNS name of 
the container, which was used to register the samba server in the active 
directory structure.

I've replicated this issue on multiple servers, including a Sun-Fire 280R, a 
Netra T1 AC 200, and the new T2000 servers.

Am I missing something simple?  Or is there a bug with the netbios name and 
shared IP infrastructure?

Our intent is to have multiple containers in the same IP subnet, hosting 
multiple samba services.

I've gotten around this issue by making the primary name one of the aliases 
that wouldn't normally be used for the box, and setting the primary as an alias 
within the /etc/hosts file.
This message posted from opensolaris.org
zones-discuss mailing list

Reply via email to