Hey all.
I'm running Samba 3.0.1 as a domain member in a Win2k3 ADS domain. I'm
attempting to view shares on the samba server via a Win2000 client.
I've been getting the following messages from the smbd logs and I'm
wondering why. I can connect to the Samba server (using the IP only) to
view which shares are available, but when I double click the share to access
it, I get a "network name cannot be found" on the share.
From smbd log:
[2003/12/19 14:25:08, 3] libads/kerberos_verify.c:setup_keytab(147)
unable to create MEMORY: keytab (Unknown Key table type)
[2003/12/19 14:25:08, 3] libads/kerberos_verify.c:ads_verify_ticket(280)
ads_verify_ticket: unable to setup keytab
[2003/12/19 14:25:08, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
Failed to verify incoming ticket!
Can anyone shed some light on what this might be caused by?
Also, I'm running winbind for UNIX/Windows user/group mapping. The
'wbinfo -u' command works, but it spits out only the user names rather than
DOMAIN\username. Since usernames aren't unique across our OSes, 'getent
passwd' results in duplicate entries. Groups are not prefixed by their
domain either. Anyone have this problem?
Below are my configs:
smb.conf
--
[global]
; smbd settings
log level = 3
log file = /var/log/samba/log.%m
server string = %U [Samba Server %v]
; Active Directory settings
; dns proxy = yes
workgroup = FOO
security = ADS
realm = FOO.COM
local master = no
domain master = no
preferred master = no
os level = 0
; winbind stuff
winbind separator = +
winbind enum users = yes
idmap uid = 10000-20000
winbind enum groups = yes
idmap gid = 10000-20000
winbind use default domain = yes
password server = dc.foo.com
encrypt passwords = yes
[test]
comment = Samba functionality test directory
path = /home/user/test/
read only = no
browsable = yes
writable = yes
guest ok = yes
krb5.conf
--
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = FOO.COM
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
FOO.COM = {
kdc = dc.foo.com:88
admin_server = dc.foo.com:749
default_domain = foo.com
}
[domain_realm]
.foo.com = FOO.COM
foo.com = FOO.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
nsswitch.conf
--
...
passwd: files winbind
shadow: files
group: files winbind
host: files dns winbind
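
Added example, not part of the original post: a small Python parser for the smbd log format quoted above. It pairs each header line with its message and collects the libads/kerberos_verify.c entries that lead up to a failed ticket verification. The function names and the two-second grouping window are assumptions made for this example; the sample entries are the three quoted in the post.

```python
import re
from datetime import datetime

# Entry header as it appears in the post: "[date time, level] file:function(line)"
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(?P<level>\d+)\]\s+"
    r"(?P<file>[^:\s]+):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)

# The three log entries quoted in the post.
SAMPLE_LOG = """\
[2003/12/19 14:25:08, 3] libads/kerberos_verify.c:setup_keytab(147)
unable to create MEMORY: keytab (Unknown Key table type)
[2003/12/19 14:25:08, 3] libads/kerberos_verify.c:ads_verify_ticket(280)
ads_verify_ticket: unable to setup keytab
[2003/12/19 14:25:08, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
Failed to verify incoming ticket!
"""

def parse_entries(text):
    """Split smbd log text into entries: one header line plus its message lines."""
    entries = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            entries.append({
                "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                "level": int(m["level"]),
                "source": m["file"], "func": m["func"], "message": "",
            })
        elif entries and raw.strip():
            # Any non-header line belongs to the most recent header.
            entries[-1]["message"] = (entries[-1]["message"] + " " + raw.strip()).strip()
    return entries

def kerberos_failures(entries, window_seconds=2):
    """Return each failed ticket verification with the kerberos_verify.c entries before it."""
    failures = []
    for i, e in enumerate(entries):
        if e["func"] != "reply_spnego_kerberos" or "Failed to verify" not in e["message"]:
            continue
        context = [
            (p["func"], p["message"]) for p in entries[:i]
            if p["source"] == "libads/kerberos_verify.c"
            and 0 <= (e["time"] - p["time"]).total_seconds() <= window_seconds
        ]
        failures.append({"time": e["time"], "message": e["message"], "context": context})
    return failures
```

Calling `kerberos_failures(parse_entries(open(path).read()))` on a `log.%m` file gives one record per rejected ticket, with the keytab setup messages attached as context.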