I've just setup the samba box on my debian server (woody) with the standard debian packages provided by http://us1.samba.org/samba/ftp/Binary_Packages/Debian/samba3/ that i know as a standard samba package repository.
The other libs are the standard woody kerberos library (not the heimdal one). At this point the things that works are: I can join into domain, I can see with getent all the user and groups by my "active directory server" ( so the winbind seems to works!) I can use all the net commands I can see any machine in my windos network. The things that I can do is to enter with the machine name ( \\sambabox\share\ ) of course if I use the Ip i can enter into, but as i read here, is because with ip, no check has been done. I've check in my samba log .. and the error that i see is: [2004/04/19 23:37:48, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! [2004/04/19 23:37:48, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! [2004/04/19 23:37:48, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! [2004/04/19 23:37:48, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! [2004/04/19 23:37:48, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! I dunno if this is an error related with my kerberos library, I also tryed ( i'm going creazy) to install kerberos-heimdall library, but whit that library the winbind daemon dosen't work.... I paste my configurations file ... PLEASE PLEASE PLEASE ..... HELP ME!!!!! ---- smb.conf [global] workgroup = ULIXE realm = ULIXE.TO server string = %h server (Samba %v) security = ADS #ads server = 10.0.0.222 update encrypted = Yes encrypt passwords = Yes obey pam restrictions = no password server = nexus.ulixe.to passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = Yes wins server = 10.0.0.222 # ldap ssl = no # WINBIND OPTIONS winbind separator = - idmap uid = 10000-20000 idmap gid = 10000-20000 winbind uid = 10000-20000 winbind gid = 10000-20000 winbind enum users = yes winbind enum groups = yes winbind use default domain = no template shell = /bin/bash hostname lookups = Yes [printers] comment = All Printers path = /tmp create mask = 0700 printable = Yes browseable = No [ftp] path = /var/ftp read only = No guest ok = Yes [backup] comment = Directory di Backup path = /mnt/backup guest ok = No read only = Yes - - - - - ---- kerberos.conf [logging] default = FILE:/var/log/krb5/libs.log kdc = FILE:/var/log/krb5/kdc.log admin_server = FILE:/var/log/krb5/admin.log [libdefaults] ticket_lifetime = 24000 default_realm = ULIXE.TO default_tkt_enctypes = des-cbc-md5 des-cbc-crc default_tgs_enctypes = des-cbc-md5 des-cbc-crc permitted_enctypes = des-cbc-md5 des-cbc-crc default_etypes = des-cbc-crc des-cbc-md5 default_etypes_des = des-cbc-crc des-cbc-md5 #default_tgs_enctypes = des-cbc-crc des-cbc-md5 #default_tkt_enctypes = des-cbc-crc des-cbc-md5 kdc_req_checksum_type = 2 forwardable = true proxiable = true ccache_type = 1 dns_lookup_realm = true dns_lookup_kdc = true [realms] ULIXE.TO = { kdc = nexus.ulixe.to default_domain = ulixe.to } [domain_realm] .ulixe.to = ULIXE.TO ulixe.to = ULIXE.TO [kdc] #profile = /etc/krb5kdc/kdc.conf [pam] debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba