hello i have finally set up the following configuration: debian testing / samba-3.07 member of a w2k Active Directory, security =ads
now i am able to: - list users and group with wbinfo -u | -g - authenticate domain users via pam_winbind - list and connect to share on AD server with kerberos ( smbclient -k ) - list and connect to share on SAMBA server _from_samba_server_ ( smbclient -k //SAMBA_SERVER/ _BUT_ trying to connect to samba share from AD server (net use * \\SAMBA_SERVER\share ) prompt me for a password and log gives me the famous "failed to verify incoming ticket" : [2004/10/20 09:24:42, 3] smbd/server.c:exit_server(614) Server exit (process_smb: send_smb failed.) [2004/10/20 09:24:42, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(193) ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed [2004/10/20 09:24:42, 3] libads/kerberos_verify.c:ads_verify_ticket(307) ads_verify_ticket: krb5_rd_req with auth failed (Success) [2004/10/20 09:24:42, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! [2004/10/20 09:24:42, 3] smbd/error.c:error_packet(129) error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE i have try to play with enc-type in krb5.conf to no avail. here is my krb5.conf: [libdefaults] default_realm = OPENDOOR.NET [realms] OPENDOOR.NET = { kdc = nicotine.opendoor.net:88 } output of klist -5e : Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting Expires Service principal 10/20/04 11:40:14 10/20/04 21:40:14 krbtgt/[EMAIL PROTECTED] Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5 10/20/04 11:40:33 10/20/04 21:40:14 [EMAIL PROTECTED] ( samba server ) Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5 10/20/04 11:40:49 10/20/04 21:40:14 [EMAIL PROTECTED] ( AD server ) Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5 installed package: debian testing samba 3.0.7-1 samba-common 3.0.7-1 libkrb53 1.3.4-4 krb5-user 1.3.4-4 any idea ? -- -- Thomas Constans -- http://www.opendoor.fr [EMAIL PROTECTED] 04 78 68 17 34 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba