Huyler, Christopher M
2004-Apr-23 19:47 UTC
[Samba] Issues with Samba 3.0.2 on OSX using ADS.
We have a Win2K network at work and I've been trying to integrate my Mac 10.3 machine into the network. It seems that once one thing is working, something else is not. I have read through various Mac tutorials found on the web but none seem to solve my problem. Right now I have Active Directory Domain Logons working successfully but Samba will not allow anyone (from Mac/Unix/Windows) to connect. I keep getting the following entries in the /var/log/samba/log.smbd log: [2004/04/23 15:07:03, 0] /SourceCache/samba/samba-56/samba/source/smbd/server.c:main(747) smbd version 3.0.2 started. Copyright Andrew Tridgell and the Samba Team 1992-2004 [2004/04/23 15:07:19, 1] /SourceCache/samba/samba-56/samba/source/smbd/sesssetup.c:reply_spnego_k erberos(173) Failed to verify incoming ticket! I can't figure it out. I'm positive that Kerberos is configured correctly because I can run kinit and klist successfully and I can log in using my domain account. Here is some more info: [root@usfrosx1 root]# net ads leave -S usildc03 -U huych02%xxxxxxxx Removed 'USFROSX1' from realm 'CA.COM' [root@usfrosx1 root]# net ads testjoin -S usildc03 -U huych02%xxxxxxxx [2004/04/23 15:33:27, 0] /SourceCache/samba/samba-56/samba/source/libads/kerberos.c:ads_kinit_pas sword(133) kerberos_kinit_password USFROSX1$@CA.COM failed: Client not found in Kerberos database Join to domain is not valid [root@usfrosx1 root]# net ads join -S usildc03 -U huych02%xxxxxxxx [2004/04/23 15:33:42, 0] /SourceCache/samba/samba-56/samba/source/libads/ldap.c:ads_add_machine_a cct(1086) Warning: ads_set_machine_sd: Unexpected information received Using short domain name -- TANT-A01 Joined 'USFROSX1' to realm 'CA.COM' [root@usfrosx1 root]# net ads testjoin -S usildc03 -U huych02%xxxxxxxx Join is OK After all that, I still get the reply_spnego_kerberos(173) errors. Any help would be appreciated, I have searched the net up and down and nothing seems to help. Below is a copy of my smb.conf file for reference: [global] netbios name = usfrosx1 workgroup = TANT-A01 server string = Mac OS X security = ads realm = CA.COM password server = USILDC03 USILDC05 encrypt passwords = yes use spnego = yes client use spnego = yes printer admin = @admin, @staff unix charset = UTF-8-MAC display charset = UTF-8-MAC dos charset = 437 guest account = unknown level2 oplocks = no [homes] comment = User Home Directories browseable = no read only = no [public] path = /tmp public = yes writable = no printable = no [printers] path = /tmp printable = yes
Huyler, Christopher M
2004-Apr-26 13:53 UTC
[Samba] Issues with Samba 3.0.2 on OSX using ADS.
Can anyone help me with this? -----Original Message----- From: Huyler, Christopher M Sent: Friday, April 23, 2004 3:47 PM To: samba@lists.samba.org Subject: [Samba] Issues with Samba 3.0.2 on OSX using ADS. We have a Win2K network at work and I've been trying to integrate my Mac 10.3 machine into the network. It seems that once one thing is working, something else is not. I have read through various Mac tutorials found on the web but none seem to solve my problem. Right now I have Active Directory Domain Logons working successfully but Samba will not allow anyone (from Mac/Unix/Windows) to connect. I keep getting the following entries in the /var/log/samba/log.smbd log: [2004/04/23 15:07:03, 0] /SourceCache/samba/samba-56/samba/source/smbd/server.c:main(747) smbd version 3.0.2 started. Copyright Andrew Tridgell and the Samba Team 1992-2004 [2004/04/23 15:07:19, 1] /SourceCache/samba/samba-56/samba/source/smbd/sesssetup.c:reply_spnego_k erberos(173) Failed to verify incoming ticket! I can't figure it out. I'm positive that Kerberos is configured correctly because I can run kinit and klist successfully and I can log in using my domain account. Here is some more info: [root@usfrosx1 root]# net ads leave -S usildc03 -U huych02%xxxxxxxx Removed 'USFROSX1' from realm 'CA.COM' [root@usfrosx1 root]# net ads testjoin -S usildc03 -U huych02%xxxxxxxx [2004/04/23 15:33:27, 0] /SourceCache/samba/samba-56/samba/source/libads/kerberos.c:ads_kinit_pas sword(133) kerberos_kinit_password USFROSX1$@CA.COM failed: Client not found in Kerberos database Join to domain is not valid [root@usfrosx1 root]# net ads join -S usildc03 -U huych02%xxxxxxxx [2004/04/23 15:33:42, 0] /SourceCache/samba/samba-56/samba/source/libads/ldap.c:ads_add_machine_a cct(1086) Warning: ads_set_machine_sd: Unexpected information received Using short domain name -- TANT-A01 Joined 'USFROSX1' to realm 'CA.COM' [root@usfrosx1 root]# net ads testjoin -S usildc03 -U huych02%xxxxxxxx Join is OK After all that, I still get the reply_spnego_kerberos(173) errors. Any help would be appreciated, I have searched the net up and down and nothing seems to help. Below is a copy of my smb.conf file for reference: [global] netbios name = usfrosx1 workgroup = TANT-A01 server string = Mac OS X security = ads realm = CA.COM password server = USILDC03 USILDC05 encrypt passwords = yes use spnego = yes client use spnego = yes printer admin = @admin, @staff unix charset = UTF-8-MAC display charset = UTF-8-MAC dos charset = 437 guest account = unknown level2 oplocks = no [homes] comment = User Home Directories browseable = no read only = no [public] path = /tmp public = yes writable = no printable = no [printers] path = /tmp printable = yes