Fred Mayer
2004-Jan-12 11:03 UTC
[Samba] samba3.0.1/win2000ad/kerberos5: user cannot logon
Hi everyone!

I've googled a lot for this, and found *some* people with similar questions, but there was no answer if this is a bug in samba, a misconfiguration, or what?

I have a win2000 active directory Server (wurzel.baum.local), a samba 2.2.3a on debian stable/woody (stamm.baum.local), security = user, a samba 3.0.1 on debian testing/Sarge (blatt1.baum.local) and a windowsxp machine joined to the active directory domain (blatt.baum.local).

It is a testing environment at a local switch. All IPs are static. DNS is configured on "wurzel" forward and reverse. resolv.conf/nsswitch.conf are configured to use the DNS of "wurzel", winbind is configured to map the users and groups. kerberos5 is configured as described in the samba3-Howto. All machines can ping by name and IP-address.

"blatt1" is the machine that makes trouble.

wbinfo -u, kinit administrator@BAUM.LOCAL, getent passwd work fine and give the expected output (Userlist, ok, userlist).

Setup of the samba 3.0.1 went just fine, net ads join went fine, users on "blatt" could use the shares on "blatt1".

After a reboot of all the machines (testing environment, remember?) I can still see "blatt1" in the network neighborhood of "wurzel" and "blatt", but no user can connect; a password dialog pops up that cannot be satisfied by any user/password combination the win2000 server knows.

/var/log/samba/log.ipofblatt tells me:

[2004/01/12 10:57:35, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
  Failed to verify incoming ticket!
[2004/01/12 10:57:47, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
  Failed to verify incoming ticket!

If anybody needs further .conf data, please tell me and I'll post them.

Has anybody a clue what is wrong here?

Thanks,

--
Fred Mayer
www.onkeldata.de