I have a Samba-3.0.23d installed on a CentOS4.4 server that cannot be
connected to from other machines in the same W2K3 ADS. The server was
added to the ADS successfully via "kinit [EMAIL PROTECTED]" and "net ads
testjoin" works just fine. The clocks are NTP-synced and no clock slew
errors are to be seen.

If WinXP/Win2K3 clients connect using \\ip.address\ it works fine, but
if they use the hostname (short or FQDN), they fail to connect (even to
get a share listing). They are prompted to login, and if they enter the
very same username and password they are currently logged under Windows
with - it works!

It is almost definitely a Kerberos problem. Looks like a failed ticket
exchange, leading to the failed login, and when the user manually types
in their creds again, it does an NT4-style connect and it works?

Anyway, "log level = 9" shows the failed connection showing errors like:

[2006/12/21 07:56:19, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(261)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed
[2006/12/21 07:56:19, 3] libads/kerberos_verify.c:ads_verify_ticket(399)
  ads_verify_ticket: krb5_rd_req with auth failed (Success)
[2006/12/21 07:56:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/12/21 07:56:19, 3] smbd/error.c:error_packet(146)
  error packet at smbd/sesssetup.c(204) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2006/12/21 07:56:19, 5] lib/util.c:show_msg(485)


I have re-added the machine to the domain without any change. Any other
ideas? I have just finished adding 16 Samba servers to 4 different
domains and this is the only one to fail in such a way. I'm a bit stumped...

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
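
Added example, not part of the original post and not Samba project code: a small triage script that groups a Samba 3 log into records and pairs each Kerberos ticket decrypt failure with the session-setup rejection that follows it, which is useful when comparing many servers' logs. The function names (`parse_records`, `kerberos_failures`) and the embedded sample are assumptions for illustration; the sample is the excerpt above with mail-wrapped lines rejoined.

```python
import re

# Constructed sample: the excerpt from the post, with mail-wrapped lines rejoined.
SAMPLE_LOG = """\
[2006/12/21 07:56:19, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(261)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed
[2006/12/21 07:56:19, 3] libads/kerberos_verify.c:ads_verify_ticket(399)
  ads_verify_ticket: krb5_rd_req with auth failed (Success)
[2006/12/21 07:56:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/12/21 07:56:19, 3] smbd/error.c:error_packet(146)
  error packet at smbd/sesssetup.c(204) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2006/12/21 07:56:19, 5] lib/util.c:show_msg(485)
"""

# Kerberos encryption type numbers (IANA registry); 23 is the one seen in the post.
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

# Record header as it appears in the post: "[timestamp, level] file:function(line)".
HEADER = re.compile(
    r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s*(?P<src>\S+):(?P<func>\w+)\((?P<line>\d+)\)\s*$")
DECRYPT = re.compile(r"enc type \[(\d+)\] failed to decrypt with error (.+)")

def parse_records(text):
    """Group log text into records: one header line plus its indented message lines."""
    records = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            records.append({**m.groupdict(), "level": int(m["level"]), "msg": ""})
        elif records and raw.strip():  # continuation line belongs to the last header
            records[-1]["msg"] = (records[-1]["msg"] + " " + raw.strip()).strip()
    return records

def kerberos_failures(records):
    """Pair each ticket decrypt failure with the NT_STATUS_LOGON_FAILURE that follows it."""
    findings, pending = [], None
    for rec in records:
        m = DECRYPT.search(rec["msg"])
        if rec["func"] == "ads_secrets_verify_ticket" and m:
            n = int(m.group(1))
            pending = {"time": rec["ts"], "enctype": n, "error": m.group(2),
                       "enctype_name": ENCTYPES.get(n, "unknown"), "rejected": False}
            findings.append(pending)
        elif pending and "NT_STATUS_LOGON_FAILURE" in rec["msg"]:
            pending["rejected"] = True
            pending = None
    return findings
```
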
