Hi,
I'm using samba-*-3.0.6-4.3.100mdk and libkrb51-1.3-6.3.100mdk on
LM10.0. A similar summary to what I'm seeing could be found here.
http://lists.samba.org/archive/samba/2004-July/090210.html
My relevant config info could be found below. May I ask how could I
solve this in LM10.0? What packages do I need to update? The problem
does not arise with NT. It happens to only W2K, XP, 2003.
Regards,
Norman Zhang
/var/log/samba/log.2d-052
[2004/12/06 15:19:50, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
# rpm -qa 'samba*'
samba-common-3.0.6-4.3.100mdk
samba-client-3.0.6-4.3.100mdk
samba-doc-3.0.6-4.3.100mdk
samba-winbind-3.0.6-4.3.100mdk
samba-swat-3.0.6-4.3.100mdk
samba-server-3.0.6-4.3.100mdk
# rpm -qa '*krb5*'
libkrb51-1.3-6.3.100mdk
ftp-client-krb5-1.3-6.3.100mdk
/etc/samba/smb.conf
[global]
workgroup = ARKONDOMAIN
realm = HQ.ARKONNETWORKS.COM
server string = Samba Server %v
security = ADS
obey pam restrictions = Yes
password server = 192.168.22.22
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 18
preferred master = No
local master = No
domain master = No
dns proxy = No
ldap ssl = no
idmap uid = 15000-20000
idmap gid = 15000-20000
template homedir = /hsd1/transfer/%u
template shell = /bin/bash
winbind separator = /
winbind use default domain = Yes
[transfer]
comment = Temporary Storage
path = /hsd1/transfer
read only = No
create mask = 0777
directory mask = 0777
/etc/krb5.conf
[logging]
default = FILE:/var/log/kerberos/krb5libs.log
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = HQ.ARKONNETWORKS.COM
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
permitted_enctypes = des3-hmac-sha1 des-cbc-crc
dns_lookup_realm = false
dns_lookup_kdc = false
kdc_req_checksum_type = 2
checksum_type = 2
ccache_type = 1
forwardable = true
proxiable = true
[realms]
HQ.ARKONNETWORKS.COM = {
kdc = dc2.hq.arkonnetworks.com:88
admin_server = dc2.hq.arkonnetworks.com:749
default_domain = hq.arkonnetworks.com
}
[domain_realm]
.hq.arkonnetworks.com = HQ.ARKONNETWORKS.COM
[kdc]
profile = /etc/kerberos/krb5kdc/kdc.conf
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
[login]
krb4_convert = false
krb4_get_tickets = false