Mike King
2007-Jun-05 19:54 UTC
[Samba] Linux NIS/NFS/Samba server bound to Active Directory
Hello all! We are currently testing the implementation of a multi-use server at my work. I am working with a Windows 2003 RC2 domain controller, and a CentOS 5 NIS/NFS/Samba server. I've followed various how-to's and researched several errors during the past sixteen hours working on this but all things I try seem to come back with empty results. I have installed from RPM the version of Samba, Winbind, and all other relevant programs, followed the instruction on a few different sites on how to configure /etc/samba/smb.conf, /etc/kerb5.conf, and /etc/pam.d/* and every time I think I'm getting close, I always come back to the same errors. Here's the most recent. Errors I've come across, it looks like I'm getting close but I don't know what I'm missing. [2007/05/30 15:56:08, 3] smbd/process.c:process_smb(1068) Transaction 11 of length 1518 [2007/05/30 15:56:08, 3] smbd/process.c:switch_message(926) switch message SMBsesssetupX (pid 9577) conn 0x0 [2007/05/30 15:56:08, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/05/30 15:56:08, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1244) wct=12 flg2=0xc807 [2007/05/30 15:56:08, 2] smbd/sesssetup.c:setup_new_vc_session(1200) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/05/30 15:56:08, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029) Doing spnego session setup [2007/05/30 15:56:08, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2007/05/30 15:56:08, 3] smbd/sesssetup.c:reply_spnego_negotiate(697) reply_spnego_negotiate: Got secblob of size 1286 [2007/05/30 15:56:08, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(279) ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed [2007/05/30 15:56:08, 3] libads/kerberos_verify.c:ads_verify_ticket(427) ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity check failed) [2007/05/30 15:56:08, 1] smbd/sesssetup.c:reply_spnego_kerberos(316) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! [2007/05/30 15:56:08, 3] smbd/error.c:error_packet_set(106) error packet at smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2007/05/30 15:56:08, 3] smbd/process.c:process_smb(1068) Transaction 12 of length 1518 [2007/05/30 15:56:08, 3] smbd/process.c:switch_message(926) switch message SMBsesssetupX (pid 9577) conn 0x0 [2007/05/30 15:56:08, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/05/30 15:56:08, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1244) wct=12 flg2=0xc807 [2007/05/30 15:56:08, 2] smbd/sesssetup.c:setup_new_vc_session(1200) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/05/30 15:56:08, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029) Doing spnego session setup [2007/05/30 15:56:08, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2007/05/30 15:56:08, 3] smbd/sesssetup.c:reply_spnego_negotiate(697) reply_spnego_negotiate: Got secblob of size 1286 [2007/05/30 15:56:08, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(279) ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed [2007/05/30 15:56:08, 3] libads/kerberos_verify.c:ads_verify_ticket(427) ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity check failed) [2007/05/30 15:56:08, 1] smbd/sesssetup.c:reply_spnego_kerberos(316) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! [2007/05/30 15:56:08, 3] smbd/error.c:error_packet_set(106) error packet at smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE Any tips will be appreciated! Thanks! Michael T. King UNIX Systems Administrator Petris Technology <http://www.petris.com/> www.petris.com Support: <http://www.petris.com/support/> www.petris.com/support or e-mail <mailto:support@petris.com> support@petris.com
Apparently Analagous Threads
- s3 connect to s4 ads woes, need guidance..
- Help: Failed to verify incoming ticket! revisited, problems with Samba/2003
- Vista + samba 3.4 member server problem
- Samba on Linux + Windows Server 2003 R2 / ADS: Clients can connect using IP but no hostname
- I'm Sure I'm Missing Something Simple and Stupid, But...