Hi all, I successfully joined my Samba 3.0.6 box to our AD tree. wbinfo -t and -u work as expected. But when I try to access a share on the samba box (Windows AD controller), I am asked for a password, Samba then logs [2004/09/06 11:49:28, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! winbindd sometimes logs [2004/09/06 11:42:55, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313) krb5_cc_get_principal failed (No credentials cache found) What is wrong here? Any ideas? Regards Olaf
Update your kerberos5 to version 1.3.* . Best Regards! Jacky Kim .>Hi all, > >I successfully joined my Samba 3.0.6 box to our AD tree. wbinfo -t and -u >work as expected. But when I try to access a share on the samba box (Windows >AD controller), I am asked for a password, Samba then logs > >[2004/09/06 11:49:28, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) > Failed to verify incoming ticket! > > >winbindd sometimes logs > >[2004/09/06 11:42:55, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313) > krb5_cc_get_principal failed (No credentials cache found) > > >What is wrong here? Any ideas? > >Regards >Olaf >-- >To unsubscribe from this list go to the following URL and read the >instructions: http://lists.samba.org/mailman/listinfo/samba >
Jacky Kim wrote:> Update your kerberos5 to version 1.3.* .Well, it is already that version: morpheus:~# dpkg -l|grep -i kerb ii krb5-config 1.6 Configuration files for Kerberos Version 5 ii libkadm55 1.3.4-3 MIT Kerberos administration runtime librarie ii libkrb53 1.3.4-3 MIT Kerberos runtime libraries Or is another package missing? Perhaps the package dependencies are not set correctly. Regards Olaf
On Mon, 2004-09-06 at 11:51 +0200, Olaf Zaplinski wrote:> Hi all, > > I successfully joined my Samba 3.0.6 box to our AD tree. wbinfo -t and -u > work as expected. But when I try to access a share on the samba box (Windows > AD controller), I am asked for a password, Samba then logs > > [2004/09/06 11:49:28, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) > Failed to verify incoming ticket! > > > winbindd sometimes logs > > [2004/09/06 11:42:55, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313) > krb5_cc_get_principal failed (No credentials cache found)I had this same problem. Samba + AD compatibility seems to be much farther from complete than advertised, and is rather flimsy. It's easier to use RPC, but if your domain is in native mode, there are likely to be problems still. We have a server that worked great for several years, and since we switched to native mode AD (which the samba FAQs say is fine) we have had no end of problems. Numerous groups don't work, ACLs stopped working, hangs, crashes etc. Not trying to discourage you, but be warned that this is the sort of bleeding-edge stuff that will actually leave you bleeding. -Mark