"kinit administrator" works fine, and stores a ticket in the cache: [EMAIL PROTECTED] root]# klist -5 Default principal: [EMAIL PROTECTED]
Valid starting Expires Service principal 10/10/03 06:39:19 10/10/03 16:39:19 krbtgt/[EMAIL PROTECTED] [EMAIL PROTECTED] root]#
Joining the domain works: [EMAIL PROTECTED] root]# net ads join Using short domain name -- HOME Joined 'FIREWALL' to realm 'HOME.EXAMPLE.COM' [EMAIL PROTECTED] root]#
If I switch to the Active Directory server, it shows firewall as a member of the directory, with an OS of Samba 3.0.0, so there's no problem here.
However, trying to access a share on server01 fails: [EMAIL PROTECTED] root]# smbclient -k //server01/e$ [2003/10/10 06:43:40, 0] libsmb/clientgen.c:cli_receive_smb(121) SMB Signature verification failed on incoming packet! session setup failed: Server packet had invalid SMB signature! [EMAIL PROTECTED] root]# smbclient -k //server01/testshare [2003/10/10 06:48:10, 0] libsmb/clientgen.c:cli_receive_smb(121) SMB Signature verification failed on incoming packet! session setup failed: Server packet had invalid SMB signature!
If I try to access a share on a Win2k Pro machine, it works flawlessly: [EMAIL PROTECTED] root]# smbclient -k //desktop01/c$ smb: \> quit [EMAIL PROTECTED] root]#
My config files are attached below.
I am playing with this in a development lab with the intention of learning a bit more about Linux and Linux/Windows interoperability. Eventually, I'm heading for single sign-on across my Linux and Windows workstations (using winbindd, etc. as discussed in the HOWTO-Collection.) My Windows boxes (Win98SE, Win2K Pro/Server, WinXP Pro, Win2k3 Server) have no trouble authenticating through the Active Directory on server01.
I'm probably missing something incredibly obvious, but any assistance would be most appreciated.
Thanks, Terry
Here are my config files (domain name has been changed):
/etc/samba/smb.conf: [global] realm = HOME.EXAMPLE.COM workgroup = HOME security = ADS
/etc/krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/loc/krb5kdc.log admin_server = FILE:/var/log/kadmind.log
[libdefaults] ticket_lifetime = 24000 default_realm = HOME.EXAMPLE.COM dns_lookup_realm = false dns_lookup_kdc = false default_etypes = des-cbc-crc des-cbc-md5 default_etypes_des = des-cbc-crc des-cbc-md5
[realms]
HOME.EXAMPLE.COM = {
kdc=server01.home.example.com
admin_server = server01.home.example.com
default_domain = home.example.com
}[domain_realm] .home.example.com = HOME.EXAMPLE.COM home.example.com = HOME.EXAMPLE.COM
[kdc] profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
