samba - Feb 2005 - smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket!

Hello!

i have troubles to connect to a samba 3.0.10 which is configured
to be an AD domain member using it's netbios name rather than it's
ip address from a windows 2000 professionall machine with sp4
installed.
the ADS is a w2k server with sp4.
i use MIT kerberos 1.3.6 on a debian sarge machine, which sould not
require a krb5.conf as found in the samba howto collection.
i have read some postings with the same subject, but i didn't get a
solution from the answers given.

smb.conf:

[global]
netbios name = server-samba
security = ADS
realm = BS1.ADS.LOCAL
password server = w2k-srv.bs1.ads.local
client use spnego = yes
use spnego = yes
workgroup = BS1_ADS
server string = %h server (Samba %v)
wins server = 192.168.0.100
dns proxy = no
name resolve order = lmhosts host wins bcast
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
encrypt passwords = true
passdb backend = tdbsam guest
obey pam restrictions = no
invalid users = root
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template home dir = /home/%U
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes

[data]
comment = Test
path = /tmp
read only = yes

/etc/hosts:

127.0.0.1       localhost.localdomain   localhost       debian
192.168.0.100   w2k-srv.bs1.ads.local w2k-srv

i use the ADS as dns server in resolv.conf.


when connecting using the ip address of the samba machine all works
fine, but when i use the netbios name i always get a login dialog...
whats wrong with this setup?

thx, 

Joysn

-- 
"The greatest proof that intelligent life other that humans exists in
 the universe is that none of it has tried to contact us!"

Hi Ryan!

thx for your document, but a few minutes ago i managed to setup my
config correct :-] the trouble was that i had winbind running during
joining to the domain. i stopped winbind during joining the samba
server, then created the keytab with 'net ads keytab CREATE' and
started winbind. and now all works as i want it to do ... :-)

Joysn

On Thu, Feb 03, 2005 at 03:48:53PM -0500, Ryan Frantz
wrote:
> 
> Attached is the document I referred to.  It's basically my attempt to
> distill all the documentation down to a few pages that I could use to
> recreate the build process.  Note that the versions of the packages
> listed are old; refer to the source web sites for up-to-date software.
> 
-- 
"The greatest proof that intelligent life other that humans exists in
 the universe is that none of it has tried to contact us!"