Jesse Guardiani
2006-Mar-30  17:35 UTC
[Samba] w2k ADS + Samba ADS Member, quirky browse mode
Hello,
I'm seeing an odd quirk running samba 3.0.21c & winbind
with kerberos 1.3.4 joining a windows 2000 ADS domain
on RHEL3.
The Samba server's hostname is "staging".
I run:
     /usr/kerberos/bin/kinit Administrator@DOMAIN.COM
     net ads join
Then I start up winbind and smb. winbind works prefectly.
I can log in as a domain user from via sshd/PAM, and the
usual:
     getent passwd
     getent group
Shows my domain users and groups just fine. In addition,
I can see a machine named "staging" in my PDC's Computer
list.
 From a Windows XP domain member on the network, I can
see a server named "Staging" in my network places
browse list. But if I click it I can't log in, and I
see this in /var/log/samba/my.ip.goes.here.log:
[2006/03/30 12:13:24, 2] smbd/sesssetup.c:setup_new_vc_session(772)
   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old
resources.
[2006/03/30 12:13:24, 1] smbd/sesssetup.c:reply_spnego_kerberos(197)
   Failed to verify incoming ticket!
HOWEVER, if I attempt to access the samba machine
directly using this URL syntax:
   \\staging.domain.com
Then it works fine. It would appear that samba/kerberos
doesn't want to respond to just:
   \\staging
Is this a bug, or an error in my config?
I'll be happy to provide more config info if needed.
Any ideas?
