Hello,

a few people asked about this problem here, but up to now I have not seen a solution.

System:
freshly installed Debian Woody with backported packages from backports.org, nothing else, only samba3 running. The system is intended as a replacement for our old Windows file server.

Situation:
after installation and configuration all worked well, accessing shares works without password-checking.

samba3 authenticates against an ADS,
net ads join -U administrator joins the samba-server to the ADS,
net ads user -U administrator gives me a list of all ADS-users.

Then I updated my system from the original debian-mirrors and backports.org, and now I get this error when a workstation accesses a share. Also, on the workstation a dialog box appears and asks for username and password.

[2003/11/25 19:19:03, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
  Failed to verify incoming ticket!

Winbind was not running. After restarting Winbind and accessing the share again I got these messages in syslog:

Nov 26 11:10:05 samba winbindd[26631]: [2003/11/26 11:10:05, 0] nsswitch/winbindd_util.c:rescan_trusted_domains(172)
Nov 26 11:10:05 samba winbindd[26631]: rescan_trusted_domains: Can't find my own domain!
Nov 26 11:10:50 samba smbd[26636]: [2003/11/26 11:10:50, 0] lib/username.c:map_username(128)
Nov 26 11:10:50 samba smbd[26636]: can't open username map /etc/samba/smbusers. Error No such file or directory

Ok, /etc/samba/smbusers is missing. But why?

I have no idea where to search further.

Please give me any hints.

Kind regards

Wolfgang Wagner
--
System administration
Riwa GmbH, Zwingerstraße 1, 87435 Kempten, +49-831-52 29 63-537
eMail: wolfgang.wagner@riwa-gis.de

On Wed, 26 Nov 2003, Wolfgang Wagner wrote:

> Hello,
>
> a few people asked about this problem here, but up to now I have not seen a solution.
>
> System:
> freshly installed Debian Woody with backported packages from backports.org, nothing else,
> only samba3 running. The system is intended as a replacement for our old Windows file server.
>
> Situation:
> after installation and configuration all worked well, accessing shares works without
> password-checking.
>
> samba3 authenticates against an ADS,
> net ads join -U administrator joins the samba-server to the ADS,
> net ads user -U administrator gives me a list of all ADS-users.
>
> Then I updated my system from the original debian-mirrors and backports.org, and now I
> get this error when a workstation accesses a share. Also, on the workstation a
> dialog box appears and asks for username and password.
>
> [2003/11/25 19:19:03, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
>   Failed to verify incoming ticket!

This possibly means that your version of Kerberos is not able to handle the requirements of the Windows server you are trying to negotiate the join with.

If you are using SuSE Linux your samba-3.x should be linked with the latest Heimdal, if Red Hat you need to link against MIT 1.3.1.

> Winbind was not running. After restarting Winbind and accessing the share again I got
> these messages in syslog:
>
> Nov 26 11:10:05 samba winbindd[26631]: [2003/11/26 11:10:05, 0] nsswitch/winbindd_util.c:rescan_trusted_domains(172)
> Nov 26 11:10:05 samba winbindd[26631]: rescan_trusted_domains: Can't find my own domain!
> Nov 26 11:10:50 samba smbd[26636]: [2003/11/26 11:10:50, 0] lib/username.c:map_username(128)
> Nov 26 11:10:50 samba smbd[26636]: can't open username map /etc/samba/smbusers. Error No such file or directory
>
> Ok, /etc/samba/smbusers is missing. But why?

Did you create this file? Typical contents are:

root = Administrator

Cheers,
John T.

> I have no idea where to search further.
>
> Please give me any hints.

--
John H Terpstra
Email: jht@samba.org
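
Added example, not part of the thread and not Samba code: a small Python parser for the log lines quoted above, handling both the plain smbd log header and the syslog-wrapped form, and tagging the three messages discussed. The line breaks inside the sample and the triage label names are assumptions of this example.

```python
import re

# Log lines quoted in the thread; line breaks restored by assumption.
SAMPLE = """\
[2003/11/25 19:19:03, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
  Failed to verify incoming ticket!
Nov 26 11:10:05 samba winbindd[26631]: [2003/11/26 11:10:05, 0] nsswitch/winbindd_util.c:rescan_trusted_domains(172)
Nov 26 11:10:05 samba winbindd[26631]: rescan_trusted_domains: Can't find my own domain!
Nov 26 11:10:50 samba smbd[26636]: [2003/11/26 11:10:50, 0] lib/username.c:map_username(128)
Nov 26 11:10:50 samba smbd[26636]: can't open username map /etc/samba/smbusers. Error No such file or directory
"""

# Optional syslog prefix: "Mon DD HH:MM:SS host daemon[pid]: "
SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (\w+)\[\d+\]: ?(.*)$")
# Samba debug header: "[date time, level] source_file:function(line)"
HEADER = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +(\d+)\] (\S+):(\w+)\((\d+)\)$")

# Label names are hypothetical; the matched strings come from the thread.
RULES = [
    ("Failed to verify incoming ticket", "kerberos-ticket"),
    ("Can't find my own domain", "winbind-domain"),
    ("can't open username map", "username-map-missing"),
]

def parse(text):
    """Pair each debug header with the message line(s) that follow it."""
    entries, cur = [], None
    for raw in text.splitlines():
        m = SYSLOG.match(raw)
        daemon, body = (m.group(1), m.group(2)) if m else (None, raw)
        h = HEADER.match(body.strip())
        if h:
            cur = {"time": h.group(1), "level": int(h.group(2)),
                   "file": h.group(3), "func": h.group(4),
                   "daemon": daemon, "msg": ""}
            entries.append(cur)
        elif cur is not None and body.strip():
            cur["msg"] = (cur["msg"] + " " + body.strip()).strip()
    return entries

def triage(entries):
    """Return (time, daemon, label) per entry; daemon falls back to source dir."""
    out = []
    for e in entries:
        label = next((lab for pat, lab in RULES if pat in e["msg"]), "unclassified")
        out.append((e["time"], e["daemon"] or e["file"].split("/")[0], label))
    return out

if __name__ == "__main__":
    for row in triage(parse(SAMPLE)):
        print(*row, sep="  ")
```
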

Hi Wolfgang,

I too have reached the same position. I am running Samba 3.0.0.2 on Red Hat 7.3 with all the relevant Kerberos library updates and trying to authenticate to a Windows 2003 Active Directory.

Winbind is running well; I can set permissions on the samba share and the Linux side of things, but cannot authenticate from a Windows XP machine to the Samba share.

Rgds
Alex Needham

> From: John H Terpstra [mailto:jht@samba.org]
>
> This possibly means that your version of Kerberos is not able to handle
> the requirements of the Windows server you are trying to negotiate the
> join with.
>
> If you are using SuSE Linux your samba-3.x should be linked with the
> latest Heimdal, if Red Hat you need to link against MIT 1.3.1.

Thank you, John, for your help.

One more question: why should I use different Kerberos libs on SuSE and Red Hat? Is there a link in the documentation or in your new Samba book?

Which version should I use with Debian Woody? Or more precisely, which feature should the libkrb support (a link to documentation would make me happy)?

Thank you

Kind regards

Wolfgang Wagner
--
System administration
Riwa GmbH, Zwingerstraße 1, 87435 Kempten, +49-831-52 29 63-537
eMail: wolfgang.wagner@riwa-gis.de