Same like Tommy,
Anyone out there can help us. There are a lot of people with this
problem and without solution. We don't know if it's something wrong in
our configuration or it's a samba bug.
When I'm trying to access a share in my linux box from Win2k
or WinXP using the IP address of my linux box it works great, however
using the netbios name it doesn't work:
============== Example =============C:\>net use * \\HSERINT1\fruza
The password or name of the user it's not valid for \\HSERINT1\fruza.
Write the password for \\HSERINT1\fruza:
Sytem error 5.
Access denyed.
C:\>net use * \\10.36.192.17\fruza
The unit F: is connected to \\10.36.192.17\fruza.
The command has completed succesfully.
C:\>
====================================
In the samba log file I have the following error when I try to connect
using the netbios name:
[2003/11/18 14:01:49, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
Failed to verify incoming ticket!
Winbind, getent, wbinfo, joining ads, kinit, klist everything works. My
smb.conf file is:
# Global parameters
[global]
workgroup = HGUV
realm = HGUV.LOCAL
server string = %h server (Samba %v)
security = ADS
password server = 10.36.192.24
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = +
printing = lprng
[homes]
comment = Home Directories
path = /home/%U
valid users = %D+%U
read only = No
create mask = 0664
directory mask = 0775
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[tmp]
comment = Temporary file space
path = /tmp
force user = inform
force group = inform
read only = No
guest ok = Yes
[Intranet]
comment = DocumentRoot del servidor web de la intranet del HGUV
path = /var/www
force user = inform
force group = inform
read only = No
create mask = 0777
directory mask = 0777
guest ok = Yes
Thanks in advance for any reply give us a clue.
Regards,
Fernando.
El mi?, 19 de 11 de 2003 a las 08:02, Fallsen, Tommy
escribi?:> Hi
> I successfully joined the AD as member server, smbclient
> \\\\hostname\\homes -U username works,
> but on a windows 2000 client connecting to the homes share using \\hostname
> failes with
>
> [2003/11/13 16:39:46, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
> Failed to verify incoming ticket!
> [2003/11/13 16:39:46, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
> Failed to verify incoming ticket!
> [2003/11/13 16:39:51, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
> Failed to verify incoming ticket!
> [2003/11/13 16:42:38, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
> Failed to verify incoming ticket!
> [2003/11/13 16:42:38, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
> Failed to verify incoming ticket!
> [2003/11/13 16:48:14, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
> Failed to verify incoming ticket!
> [2003/11/13 16:48:14, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
> Failed to verify incoming ticket!
>
> Oddly connecting to the share \\ip-adress works just fine, no errors.
> Is there something wrong with my setup?
>
> My smb.conf
> [global]
> workgroup = ????
> realm = ????.?????????.COM
> netbios name = hostname
> security = ADS
> password server = ads server
> log file = /opt/samba/var/log.%m
> max log size = 50
> preferred master = No
> local master = No
> domain master = No
> dns proxy = No
> wins proxy = Yes
> wins server = ?.?.?.?
> remote announce = ?.?.?.?
> NIS homedir = Yes
>
> [homes]
> comment = Home Directories
> read only = No
> browseable = No
>
> [printers]
> comment = All Printers
> path = /usr/spool/samba
> printable = Yes
> browseable = No
>
>
>
> kdc.onf and krb5.conf
>
>
> #
> # Copyright 1998-2002 Sun Microsystems, Inc. All rights reserved.
> # Use is subject to license terms.
> #
> #ident "@(#)kdc.conf 1.2 02/02/14 SMI"
>
> [kdcdefaults]
> kdc_ports = 88,750
>
> [realms]
> ___default_realm___ = {
> profile = /etc/krb5/krb5.conf
> database_name = /var/krb5/principal
> admin_keytab = /etc/krb5/kadm5.keytab
> acl_file = /etc/krb5/kadm5.acl
> kadmind_port = 749
> max_life = 8h 0m 0s
> max_renewable_life = 7d 0h 0m 0s
> default_principal_flags = +preauth
> }
>
>
>
> #
> #pragma ident "@(#)krb5.conf 1.2 99/07/20 SMI"
> # Copyright (c) 1999, by Sun Microsystems, Inc.
> # All rights reserved.
> #
>
> # krb5.conf template
> # In order to complete this configuration file
> # you will need to replace the __<name>__ placeholders
> # with appropriate values for your network.
> #
> [libdefaults]
> default_realm = ????.?????????.COM
>
> [realms]
> ????.?????????.COM = {
> kdc = ads server ip
> admin_server = ads server ip
> }
>
> [domain_realm]
> .????.?????????.com = ????.?????????.COM
> ????.?????????.com = ????.?????????.COM
>
> [logging]
> default = FILE:/var/krb5/kdc.log
> kdc = FILE:/var/krb5/kdc.log
> kdc_rotate = {
>
> # How often to rotate kdc.log. Logs will get rotated no more
> # often than the period, and less often if the KDC is not used
> # frequently.
>
> period = 1d
>
> # how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)
>
> versions = 10
> }
>
> [appdefaults]
> kinit = {
> renewable = true
> forwardable= true
> }
> gkadmin = {
> help_url = http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195
> }
>
>
>
> Thanks
>
> Tommy Fallsen
>
>
>
>
>
--
Yo uso software libre, ?Y tu?
?Qu? es el software libre? consulta:
http://www.gnu.org/philosophy/free-sw.es.html
Fernando Ruza
e-mail: feruza@terra.es
web: http://guada24.guadawireless.net
Tlf: 661123845
Yahoo! Messenger id: fruza
Linux user: #273644 (http://counter.li.org)
Debian Sid (Kernel 2.4.20 & ext3)
"In an internet without fences ... who needs 'gates'"