Hello, I found another strange problem while migrating from 3.0.22 to 3.0.23x (with 'x' eq 'd' now): I can't access my [homes]-share anymore - if i try, the samba-server prompts me for a password. What *is* working is accessing the same directory as [<username>]... E.g.: \\Sambaserver\matthias works whereas \\Sambaserver\homes works *not* Unfortunaely it is essential for some of our processes to access the specific homedir of each user with the same sharename. It did work again after downgrade to 3.0.22. This implies that I didn't change anything on the samba configuration. The server is a member of an W2k3-AD-Domain. OS is FreeBSD 5.5 and 6.2 If I look at the log-files, everything looks fairly good, the homes-Service is mapped to the right directory, the (Win-) Username is mapped to the right unix account - no obvious problems in this area. The only problem I found in the logfiles is a failure to decrypt incoming ticket (I think, this is why the password request pops up) when I try to access the homes-share. As said before, no problems when accessing all the other shares (there are lots!). What is different when accessing the homes-share? I tried MIT-Kerberos as well as Heimdal 0.64 (IIRC, FreeBSD base), no difference. This makes kind of sense to me, because *if* it's a kerberos-problem it should be there with 3.0.22 as well, isn't it? The most strange thing at the end: On my workstation (FreeBSD 6.2 as well) it works. Same config (I checked *every line, /etc/krb5 *and* /usr/local/etc/smb.conf), same kerberos, also samba 3.0.23d - I have no idea what's going right here and wrong on the other machines. Perhaps a different encryption of the tickets? But how can I influence this? The ticket I get after 'kinit' is arcfour-encrypted - on the (not working) server as well as on the (working) workstation. Any suggestions and further questions are welcome... Matthew -- Ciao/BSD - Matthias Matthias Schuendehuette <msch [at] snafu.de>, Berlin (Germany) PGP-Key at <pgp.mit.edu> and <wwwkeys.de.pgp.net> ID: 0xDDFB0A5F
Felipe Augusto van de Wiel
2007-Feb-05 13:51 UTC
[Samba] Problem with [homes] under 3.0.23x
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/04/2007 02:14 PM, Matthias Schuendehuette wrote:> Hello, > > I found another strange problem while migrating from 3.0.22 to 3.0.23x > (with 'x' eq 'd' now): > > I can't access my [homes]-share anymore - if i try, the samba-server > prompts me for a password. What *is* working is accessing the same > directory as [<username>]... > > E.g.: \\Sambaserver\matthias works whereas > \\Sambaserver\homes works *not* > > Unfortunaely it is essential for some of our processes to access the > specific homedir of each user with the same sharename. It did work again > after downgrade to 3.0.22. This implies that I didn't change anything on > the samba configuration. The server is a member of an W2k3-AD-Domain. OS > is FreeBSD 5.5 and 6.2 > > If I look at the log-files, everything looks fairly good, the > homes-Service is mapped to the right directory, the (Win-) Username is > mapped to the right unix account - no obvious problems in this area. > > The only problem I found in the logfiles is a failure to decrypt > incoming ticket (I think, this is why the password request pops up) when > I try to access the homes-share. As said before, no problems when > accessing all the other shares (there are lots!). What is different when > accessing the homes-share? > > I tried MIT-Kerberos as well as Heimdal 0.64 (IIRC, FreeBSD base), no > difference. This makes kind of sense to me, because *if* it's a > kerberos-problem it should be there with 3.0.22 as well, isn't it?[homes] is a special share, AFAIK (and AIUI) it will share the home of the user, not all the homes. If you can use another name, just create a new share called [home] or [homedirs] and it probably will do the tricky.> The most strange thing at the end: On my workstation (FreeBSD 6.2 as > well) it works. Same config (I checked *every line, /etc/krb5 *and* > /usr/local/etc/smb.conf), same kerberos, also samba 3.0.23d - I have no > idea what's going right here and wrong on the other machines. Perhaps a > different encryption of the tickets? But how can I influence this? The > ticket I get after 'kinit' is arcfour-encrypted - on the (not working) > server as well as on the (working) workstation.Are you sure that you have the same environment user? It seems that something is a little bit different with regards to the users available and also on the share configuration (sometimes it is more than the smb.conf).> Any suggestions and further questions are welcome...Maybe posting your smb.conf and relevant logs would help to identifiy where's the problem.> MatthewKind regards, - -- Felipe Augusto van de Wiel <felipe@paranacidade.org.br> Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFxzaOCj65ZxU4gPQRAljPAKCj/iacGQDO4nHYHy7jXHDlXugdOACgoeQu eY8It2AD/PhesZsTIFMhCKo=j/Lu -----END PGP SIGNATURE-----