samba - Feb 2007 - Problem with [homes] under 3.0.23x

Hello,

I found another strange problem while migrating from 3.0.22 to 3.0.23x 
(with 'x' eq 'd' now):

I can't access my [homes]-share anymore - if i try, the samba-server 
prompts me for a password. What *is* working is accessing the same 
directory as [<username>]...

E.g.: \\Sambaserver\matthias works  whereas
      \\Sambaserver\homes    works *not*

Unfortunaely it is essential for some of our processes to access the 
specific homedir of each user with the same sharename. It did work 
again after downgrade to 3.0.22. This implies that I didn't change 
anything on the samba configuration. The server is a member of an 
W2k3-AD-Domain. OS is FreeBSD 5.5 and 6.2

If I look at the log-files, everything looks fairly good, the 
homes-Service is mapped to the right directory, the (Win-) Username is 
mapped to the right unix account - no obvious problems in this area.

The only problem I found in the logfiles is a failure to decrypt 
incoming ticket (I think, this is why the password request pops up) 
when I try to access the homes-share. As said before, no problems when 
accessing all the other shares (there are lots!). What is different 
when accessing the homes-share?

I tried MIT-Kerberos as well as Heimdal 0.64 (IIRC, FreeBSD base), no 
difference. This makes kind of sense to me, because *if* it's a 
kerberos-problem it should be there with 3.0.22 as well, isn't it?

The most strange thing at the end: On my workstation (FreeBSD 6.2 as 
well) it works. Same config (I checked *every line, /etc/krb5 *and* 
/usr/local/etc/smb.conf), same kerberos, also samba 3.0.23d - I have no 
idea what's going right here and wrong on the other machines. Perhaps a 
different encryption of the tickets? But how can I influence this? The 
ticket I get after 'kinit' is arcfour-encrypted - on the (not working) 
server as well as on the (working) workstation.

Any suggestions and further questions are welcome...

Matthew

-- 
Ciao/BSD - Matthias

Matthias Schuendehuette <msch [at] snafu.de>, Berlin (Germany)
PGP-Key at <pgp.mit.edu> and <wwwkeys.de.pgp.net> ID: 0xDDFB0A5F

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/04/2007 02:14 PM, Matthias Schuendehuette wrote:
> Hello,
> 
> I found another strange problem while migrating from 3.0.22 to 3.0.23x
> (with 'x' eq 'd' now):
> 
> I can't access my [homes]-share anymore - if i try, the samba-server
> prompts me for a password. What *is* working is accessing the same
> directory as [<username>]...
> 
> E.g.: \\Sambaserver\matthias works  whereas
>      \\Sambaserver\homes    works *not*
> 
> Unfortunaely it is essential for some of our processes to access the
> specific homedir of each user with the same sharename. It did work again
> after downgrade to 3.0.22. This implies that I didn't change anything
on
> the samba configuration. The server is a member of an W2k3-AD-Domain. OS
> is FreeBSD 5.5 and 6.2
> 
> If I look at the log-files, everything looks fairly good, the
> homes-Service is mapped to the right directory, the (Win-) Username is
> mapped to the right unix account - no obvious problems in this area.
> 
> The only problem I found in the logfiles is a failure to decrypt
> incoming ticket (I think, this is why the password request pops up) when
> I try to access the homes-share. As said before, no problems when
> accessing all the other shares (there are lots!). What is different when
> accessing the homes-share?
> 
> I tried MIT-Kerberos as well as Heimdal 0.64 (IIRC, FreeBSD base), no
> difference. This makes kind of sense to me, because *if* it's a
> kerberos-problem it should be there with 3.0.22 as well, isn't it?
	[homes] is a special share, AFAIK (and AIUI) it will share
the home of the user, not all the homes. If you can use another name,
just create a new share called [home] or [homedirs] and it probably
will do the tricky.

> The most strange thing at the end: On my workstation (FreeBSD 6.2 as
> well) it works. Same config (I checked *every line, /etc/krb5 *and*
> /usr/local/etc/smb.conf), same kerberos, also samba 3.0.23d - I have no
> idea what's going right here and wrong on the other machines. Perhaps a
> different encryption of the tickets? But how can I influence this? The
> ticket I get after 'kinit' is arcfour-encrypted - on the (not
working)
> server as well as on the (working) workstation.
	Are you sure that you have the same environment user? It
seems that something is a little bit different with regards to
the users available and also on the share configuration (sometimes
it is more than the smb.conf).

> Any suggestions and further questions are welcome...
	Maybe posting your smb.conf and relevant logs would help
to identifiy where's the problem.

> Matthew
	Kind regards,

- --
Felipe Augusto van de Wiel <felipe@paranacidade.org.br>
Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFxzaOCj65ZxU4gPQRAljPAKCj/iacGQDO4nHYHy7jXHDlXugdOACgoeQu
eY8It2AD/PhesZsTIFMhCKo=j/Lu
-----END PGP SIGNATURE-----