tvsjr
2003-Oct-10 11:57 UTC
[Samba] Problems accessing shares when authenticating to Win 2k3 AD
I'm a bit of a newbie to Samba, and am having some trouble getting it
running with my Windows Server 2003 Active Directory. I've followed the
procedures in the HOWTO-Collection.pdf, with no luck.
"kinit administrator" works fine, and stores a ticket in the cache:
[root@firewall root]# klist -5
Default principal: administrator@HOME.EXAMPLE.COM
Valid starting Expires Service principal
10/10/03 06:39:19 10/10/03 16:39:19 krbtgt/HOME.EXAMPLE.COM@HOME.EXAMPLE.COM
[root@firewall root]#
Joining the domain works:
[root@firewall root]# net ads join
Using short domain name -- HOME
Joined 'FIREWALL' to realm 'HOME.EXAMPLE.COM'
[root@firewall root]#
If I switch to the Active Directory server, it shows firewall as a member
of the directory, with an OS of Samba 3.0.0, so there's no problem here.
However, trying to access a share on server01 fails:
[root@firewall root]# smbclient -k //server01/e$
[2003/10/10 06:43:40, 0] libsmb/clientgen.c:cli_receive_smb(121)
SMB Signature verification failed on incoming packet!
session setup failed: Server packet had invalid SMB signature!
[root@firewall root]# smbclient -k //server01/testshare
[2003/10/10 06:48:10, 0] libsmb/clientgen.c:cli_receive_smb(121)
SMB Signature verification failed on incoming packet!
session setup failed: Server packet had invalid SMB signature!
If I try to access a share on a Win2k Pro machine, it works flawlessly:
[root@firewall root]# smbclient -k //desktop01/c$
smb: \> quit
[root@firewall root]#
My config files are attached below.
I am playing with this in a development lab with the intention of learning
a bit more about Linux and Linux/Windows interoperability. Eventually, I'm
heading for single sign-on across my Linux and Windows workstations (using
winbindd, etc. as discussed in the HOWTO-Collection.) My Windows boxes
(Win98SE, Win2K Pro/Server, WinXP Pro, Win2k3 Server) have no trouble
authenticating through the Active Directory on server01.
I'm probably missing something incredibly obvious, but any assistance would
be most appreciated.
Thanks,
Terry
Here are my config files (domain name has been changed):
/etc/samba/smb.conf:
[global]
realm = HOME.EXAMPLE.COM
workgroup = HOME
security = ADS
/etc/krb5.conf:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/loc/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = HOME.EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
default_etypes = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5
[realms]
HOME.EXAMPLE.COM = {
kdc=server01.home.example.com
admin_server = server01.home.example.com
default_domain = home.example.com
}
[domain_realm]
.home.example.com = HOME.EXAMPLE.COM
home.example.com = HOME.EXAMPLE.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
Apparently Analagous Threads
- rc3: Server packet had invalid SMB signature!
- SMB Signature verification failed on incoming packet!
- Client accessing Samba doesn't authenticate against Active Directory
- Numerous errors trying to authenticate samba against w2k3
- Active Directory authentication no longer works
Wisdom of the Ancients
