samba - Dec 2003 - ADS and Winbind ... Can't access with Samba host name ...

Greetings ...

    It seems I have really got myself confused ...

    I have a Win2K3 ADS domain, I have two FedoraCore systems, one with 
Samba 3.0.0 and the other with Samba 3.0.1.  Both give me the same problem.

    If I try access the Samba shares from Win2K3 using the host number, 
I get prompted for a username and password, and no matter what I type 
in, I can't get in.

    If I use the Samba server IP address, I am able to get into shares 
without been prompted for user details, but Point'nPrint don't work, it 
too requests user details.

    I do seem to be getting two errors in my logs ... First in smbd.log

[2003/12/18 13:50:19, 0] lib/util_sock.c:get_peer_addr(948)
  getpeername failed. Error was Transport endpoint is not connected
[2003/12/18 16:18:07, 0] lib/util_sock.c:get_peer_addr(948)
  getpeername failed. Error was Transport endpoint is not connected

    And the other in the machine log with the IP address eg ...
        10.1.1.20.log
[2003/12/18 14:51:23, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
  Failed to verify incoming ticket!
[2003/12/18 14:51:23, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
  Failed to verify incoming ticket!

    But in the machine log with the hostname, I am getting normal 
messages ...

    I have tried to make changes in /etc/krb5.conf, but I don't get any 
further ...

    I have tried a few status checks with net, all hosts work fine ...

[root@fd1-test-01 samba]# net lookup ldap
10.1.1.16:389
10.1.1.17:389

[root@fd1-test-01 samba]# net lookup dc
10.1.1.16
10.1.1.17

    But net lookup kdc, master domain don't return any thing, so I don't
know what else to look for ...

Thanks
Mailed
Lee

It appears there are a number of us with this exact same problem. I
posted this same question a few days ago and have seen 2 or 3 others
mention the same symptoms since then but have yet to see any specific
sollution.

I assumed this would be an issue with WINS but I've tested WINS lookups
from both Windows clients, Linux clients and Samba server and all seem
to function properly.

The fact that my net lookup all work fine is the only difference between
our problems.

[log.smbd]

[2003/12/17 18:40:04, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
  Failed to verify incoming ticket!

[lob.winbindd]

[2003/12/17 18:39:58, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)


Would appreciate some direct answers to this problem regarding WINS host
vs. IP address share mapping from Windows clients.

Thanks,

Peter


________________________________________________________________________
> From: C.Lee Taylor <leet@leenx.co.za>
> To: samba@lists.samba.org
> Subject: [Samba] ADS and Winbind ... Can't access with Samba host name
...
> Date: Thu, 18 Dec 2003 16:59:28 +0200
> 
> Greetings ...
> 
>     It seems I have really got myself confused ...
> 
>     I have a Win2K3 ADS domain, I have two FedoraCore systems, one with 
> Samba 3.0.0 and the other with Samba 3.0.1.  Both give me the same problem.
> 
>     If I try access the Samba shares from Win2K3 using the host number, 
> I get prompted for a username and password, and no matter what I type 
> in, I can't get in.
> 
>     If I use the Samba server IP address, I am able to get into shares 
> without been prompted for user details, but Point'nPrint don't
work, it
> too requests user details.
> 
>     I do seem to be getting two errors in my logs ... First in smbd.log
> 
> [2003/12/18 13:50:19, 0] lib/util_sock.c:get_peer_addr(948)
>   getpeername failed. Error was Transport endpoint is not connected
> [2003/12/18 16:18:07, 0] lib/util_sock.c:get_peer_addr(948)
>   getpeername failed. Error was Transport endpoint is not connected
> 
>     And the other in the machine log with the IP address eg ...
>         10.1.1.20.log
> [2003/12/18 14:51:23, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
>   Failed to verify incoming ticket!
> [2003/12/18 14:51:23, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
>   Failed to verify incoming ticket!
> 
>     But in the machine log with the hostname, I am getting normal 
> messages ...
> 
>     I have tried to make changes in /etc/krb5.conf, but I don't get any
> further ...
> 
>     I have tried a few status checks with net, all hosts work fine ...
> 
> [root@fd1-test-01 samba]# net lookup ldap
> 10.1.1.16:389
> 10.1.1.17:389
> 
> [root@fd1-test-01 samba]# net lookup dc
> 10.1.1.16
> 10.1.1.17
> 
>     But net lookup kdc, master domain don't return any thing, so I
don't
> know what else to look for ...
> 
> Thanks
> Mailed
> Lee

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lee,

please file a bug for me and we'll work on
getting this resolved.  This is the 3rd report
of the same symptoms.   Thanks.



cheers, jerry




C.Lee Taylor wrote:
| Greetings ...
|
|    It seems I have really got myself confused ...
|
|    I have a Win2K3 ADS domain, I have two FedoraCore systems, one with
| Samba 3.0.0 and the other with Samba 3.0.1.  Both give me the same
problem.
|
|    If I try access the Samba shares from Win2K3 using the host number, I
| get prompted for a username and password, and no matter what I type in,
| I can't get in.
|
|    If I use the Samba server IP address, I am able to get into shares
| without been prompted for user details, but Point'nPrint don't work,
it
| too requests user details.
|
|    I do seem to be getting two errors in my logs ... First in smbd.log
|
| [2003/12/18 13:50:19, 0] lib/util_sock.c:get_peer_addr(948)
|  getpeername failed. Error was Transport endpoint is not connected
| [2003/12/18 16:18:07, 0] lib/util_sock.c:get_peer_addr(948)
|  getpeername failed. Error was Transport endpoint is not connected
|
|    And the other in the machine log with the IP address eg ...
|        10.1.1.20.log
| [2003/12/18 14:51:23, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
|  Failed to verify incoming ticket!
| [2003/12/18 14:51:23, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
|  Failed to verify incoming ticket!
|
|    But in the machine log with the hostname, I am getting normal
| messages ...
|
|    I have tried to make changes in /etc/krb5.conf, but I don't get any
| further ...
|
|    I have tried a few status checks with net, all hosts work fine ...
|
| [root@fd1-test-01 samba]# net lookup ldap
| 10.1.1.16:389
| 10.1.1.17:389
|
| [root@fd1-test-01 samba]# net lookup dc
| 10.1.1.16
| 10.1.1.17
|
|    But net lookup kdc, master domain don't return any thing, so I
don't
| know what else to look for ...
|
| Thanks
| Mailed
| Lee
|
|


- --
~ ----------------------------------------------------------------------
~ Hewlett-Packard            ------------------------- http://www.hp.com
~ SAMBA Team                 ---------------------- http://www.samba.org
~ GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
~ "If we're adding to the noise, turn off this song" --Switchfoot
(2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/4pbCIR7qMdg1EfYRAuOxAJ9BHqjtY7mVCO4JSi57j1e999e1JQCfX5yg
72ROuACLvNWcSmZbLpF2gdQ=+J2Y
-----END PGP SIGNATURE-----