This is keeping you from seeing DOMAIN\username:> winbind use default domain = yes
Personally I like this option especially when you have large domains
with trust relationships.
You also may want to look at putting "client use spnego = yes" into
your
smb.conf since your using W2k3.
Can you get a valid kerberoes ticket from kinit?
What does your klist -e look like?
Several of us are trying to nail out similiar errors. I have this
working correctly on a Mandrake 9.2 server using Samba3.0.pre1.....but
it's not working on my Gentoo box running Samba3.0.1
Look for my post and maybe compare notes...
Tim
On Fri, 2003-12-19 at 23:22, Brian Spiegel wrote:> Here's a followup. I also get these errors in the smbd logs. The
thing is,
> the share directory has full permissions (0777) and the smb.conf is set to
> be fully readable, writeable and okay for guests.
>
> [2003/12/19 15:21:23, 0] smbd/service.c:make_connection_snum(677)
> '/home/bspiegel/test/' does not exist or is not a directory, when
> connecting to [test]
> [2003/12/19 15:21:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2003/12/19 15:21:23, 3] smbd/connection.c:yield_connection(69)
> Yielding connection to test
> [2003/12/19 15:21:23, 3] smbd/error.c:error_packet(94)
> error string = Permission denied
> [2003/12/19 15:21:23, 3] smbd/error.c:error_packet(118)
> error packet at smbd/reply.c(286) cmd=117 (SMBtconX)
> NT_STATUS_BAD_NETWORK_NAME
>
>
> -----Original Message-----
> From: Brian Spiegel [mailto:BSpiegel@Matchnet.com]
> Sent: Friday, December 19, 2003 2:53 PM
> To: 'samba@lists.samba.org'
> Subject: [Samba] Cannot access shares from a Win2k client
>
> Hey all.
>
> I'm running Samba 3.0.1 as a domain member in a Win2k3 ADS domain.
I'm
> attempting to view shares on the samba server via a Win2000 client.
>
> I've been getting the following messages from the smbd logs and I'm
> wondering why. I can connect to the Samba server (using the IP only) to
> view which shares are available, but when I double click the share to
access
> it, I get a "network name cannot be found" on the share.
>
> >From smbd log:
> [2003/12/19 14:25:08, 3] libads/kerberos_verify.c:setup_keytab(147)
> unable to create MEMORY: keytab (Unknown Key table type)
> [2003/12/19 14:25:08, 3] libads/kerberos_verify.c:ads_verify_ticket(280)
> ads_verify_ticket: unable to setup keytab
> [2003/12/19 14:25:08, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
> Failed to verify incoming ticket!
>
> Can anyone shed some light on what this might be caused by?
>
> Also, I'm running winbind for UNIX/Windows user/group mapping. The
'wbinfo
> -u' command works, but it spits out only the user names rather than
> DOMAIN\username. Since usernames aren't unique across our OSes,
'getent
> passwd' results in duplicate entries. Groups are not prefixed by their
> domain either. Anyone have this problem?
>
> Below are my configs:
>
> smb.conf
> --
> [global]
> ; smbd settings
> log level = 3
> log file = /var/log/samba/log.%m
> server string = %U [Samba Server %v]
> ; Active Directory settings
> ; dns proxy = yes
> workgroup = FOO
> security = ADS
> realm = FOO.COM
> local master = no
> domain master = no
> preferred master = no
> os level = 0
> ; winbind stuff
> winbind separator = +
> winbind enum users = yes
> idmap uid = 10000-20000
> winbind enum groups = yes
> idmap gid = 10000-20000
> winbind use default domain = yes
> password server = dc.foo.com
> encrypt passwords = yes
>
> [test]
> comment = Samba functionality test directory
> path = /home/user/test/
> read only = no
> browsable = yes
> writable = yes
> guest ok = yes
>
>
> krb5.conf
> --
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> ticket_lifetime = 24000
> default_realm = FOO.COM
> default_tgs_enctypes = des-cbc-crc des-cbc-md5
> default_tkt_enctypes = des-cbc-crc des-cbc-md5
> dns_lookup_realm = true
> dns_lookup_kdc = true
>
> [realms]
> FOO.COM = {
> kdc = dc.foo.com:88
> admin_server = dc.foo.com:749
> default_domain = foo.com
> }
>
> [domain_realm]
> .foo.com = FOO.COM
> foo.com = FOO.COM
>
> [kdc]
> profile = /var/kerberos/krb5kdc/kdc.conf
>
> [appdefaults]
> pam = {
> debug = false
> ticket_lifetime = 36000
> renew_lifetime = 36000
> forwardable = true
> krb4_convert = false
> }
>
>
> nsswitch.conf
> --
> ...
> passwd: files winbind
> shadow: files
> group: files winbind
> host: files dns winbind
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba