This is keeping you from seeing DOMAIN\username: > winbind use default domain = yes Personally I like this option especially when you have large domains with trust relationships.
You also may want to look at putting "client use spnego = yes" into your smb.conf since your using W2k3. Can you get a valid kerberoes ticket from kinit? What does your klist -e look like? Several of us are trying to nail out similiar errors. I have this working correctly on a Mandrake 9.2 server using Samba3.0.pre1.....but it's not working on my Gentoo box running Samba3.0.1 Look for my post and maybe compare notes... Tim On Fri, 2003-12-19 at 23:22, Brian Spiegel wrote: > Here's a followup. I also get these errors in the smbd logs. The thing is, > the share directory has full permissions (0777) and the smb.conf is set to > be fully readable, writeable and okay for guests. > > [2003/12/19 15:21:23, 0] smbd/service.c:make_connection_snum(677) > '/home/bspiegel/test/' does not exist or is not a directory, when > connecting to [test] > [2003/12/19 15:21:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2003/12/19 15:21:23, 3] smbd/connection.c:yield_connection(69) > Yielding connection to test > [2003/12/19 15:21:23, 3] smbd/error.c:error_packet(94) > error string = Permission denied > [2003/12/19 15:21:23, 3] smbd/error.c:error_packet(118) > error packet at smbd/reply.c(286) cmd=117 (SMBtconX) > NT_STATUS_BAD_NETWORK_NAME > > > -----Original Message----- > From: Brian Spiegel [mailto:[EMAIL PROTECTED] > Sent: Friday, December 19, 2003 2:53 PM > To: '[EMAIL PROTECTED]' > Subject: [Samba] Cannot access shares from a Win2k client > > Hey all. > > I'm running Samba 3.0.1 as a domain member in a Win2k3 ADS domain. I'm > attempting to view shares on the samba server via a Win2000 client. > > I've been getting the following messages from the smbd logs and I'm > wondering why. I can connect to the Samba server (using the IP only) to > view which shares are available, but when I double click the share to access > it, I get a "network name cannot be found" on the share. > > >From smbd log: > [2003/12/19 14:25:08, 3] libads/kerberos_verify.c:setup_keytab(147) > unable to create MEMORY: keytab (Unknown Key table type) > [2003/12/19 14:25:08, 3] libads/kerberos_verify.c:ads_verify_ticket(280) > ads_verify_ticket: unable to setup keytab > [2003/12/19 14:25:08, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) > Failed to verify incoming ticket! > > Can anyone shed some light on what this might be caused by? > > Also, I'm running winbind for UNIX/Windows user/group mapping. The 'wbinfo > -u' command works, but it spits out only the user names rather than > DOMAIN\username. Since usernames aren't unique across our OSes, 'getent > passwd' results in duplicate entries. Groups are not prefixed by their > domain either. Anyone have this problem? > > Below are my configs: > > smb.conf > -- > [global] > ; smbd settings > log level = 3 > log file = /var/log/samba/log.%m > server string = %U [Samba Server %v] > ; Active Directory settings > ; dns proxy = yes > workgroup = FOO > security = ADS > realm = FOO.COM > local master = no > domain master = no > preferred master = no > os level = 0 > ; winbind stuff > winbind separator = + > winbind enum users = yes > idmap uid = 10000-20000 > winbind enum groups = yes > idmap gid = 10000-20000 > winbind use default domain = yes > password server = dc.foo.com > encrypt passwords = yes > > [test] > comment = Samba functionality test directory > path = /home/user/test/ > read only = no > browsable = yes > writable = yes > guest ok = yes > > > krb5.conf > -- > [logging] > default = FILE:/var/log/krb5libs.log > kdc = FILE:/var/log/krb5kdc.log > admin_server = FILE:/var/log/kadmind.log > > [libdefaults] > ticket_lifetime = 24000 > default_realm = FOO.COM > default_tgs_enctypes = des-cbc-crc des-cbc-md5 > default_tkt_enctypes = des-cbc-crc des-cbc-md5 > dns_lookup_realm = true > dns_lookup_kdc = true > > [realms] > FOO.COM = { > kdc = dc.foo.com:88 > admin_server = dc.foo.com:749 > default_domain = foo.com > } > > [domain_realm] > .foo.com = FOO.COM > foo.com = FOO.COM > > [kdc] > profile = /var/kerberos/krb5kdc/kdc.conf > > [appdefaults] > pam = { > debug = false > ticket_lifetime = 36000 > renew_lifetime = 36000 > forwardable = true > krb4_convert = false > } > > > nsswitch.conf > -- > ... > passwd: files winbind > shadow: files > group: files winbind > host: files dns winbind > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba