Re: [Samba] Kerberos negotion error? reply_spnego_kerberos(250)
On Thu, 2005-01-13 at 11:04 -0600, [EMAIL PROTECTED] wrote: >> Good morning everyone, >> >> I have had Samba 3.0.9 running on Solaris, connected to a Windows AD >> domain for a couple of weeks now, and i've suddenly started getting the >> following errors: >> >> [2005/01/07 11:31:55, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) >> Username \IT075$ is invalid on this system >> >So, are you running winbindd, and is it really Samba 3.0.9? These are >requests for machine accounts, as the local system service is performing >a network activity. Winbindd has been providing these accounts for a >number of versions now. If you don't run winbindd, then it's your >responsibility to provide all the equivalent accounts. > >Andrew Bartlett Yes, this is really version 3.0.9 according to wbinfo -V As it turns out, winbindd wasn't running. Doesn't it start automatically? If not, how would I ensure that it does? Also, I've been reading on winbindd, and I'm wondering if its really necessary for what I want to accomplish. All I'm trying to do is allow Windows hosts to access files on a Unix (Solaris) server. I don't want my users logging on to the servers with their Windows credentials. With this in mind, is it necessary to configure nsswitch.conf? When you mention machine accounts, are you saying its necessary to create accounts for each machine in smbpasswd? Please forgive my ignorance, Samba is brand new to me. -- Ryan Worthington Systems and Network Analyst "Difficile est satiram non scribere." This message is confidential and may be privileged. It is intended solely for the named addressee. If you are not the intended recipient please inform us. Any unauthorised dissemination, distribution or copying hereof is prohibited. As we cannot guarantee the genuineness or completeness of the information contained in this message, the statements set forth above are not legally binding. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Kerberos negotion error? reply_spnego_kerberos(250)
Good morning everyone, I have had Samba 3.0.9 running on Solaris, connected to a Windows AD domain for a couple of weeks now, and i've suddenly started getting the following errors: [2005/01/07 11:31:55, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username \IT075$ is invalid on this system It looks like some sort of issue with Kerberos, but I'm able to connect to shares with no problem. I've gone though the list archives and seen this error in various logs, but no one has addressed it specifically. Any idea what this means? -- Ryan Worthington Systems and Network Analyst "Difficile est satiram non scribere." This message is confidential and may be privileged. It is intended solely for the named addressee. If you are not the intended recipient please inform us. Any unauthorised dissemination, distribution or copying hereof is prohibited. As we cannot guarantee the genuineness or completeness of the information contained in this message, the statements set forth above are not legally binding. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Joining ADS errors when using net ads join command
Dear Samba Gurus, I've been R'ing TFM but I can't seem to find any help with this problelm. When I attempt to get samba to join the active directory domain I get the following error message: [2004/12/08 14:42:51, 0] libads/kerberos.c:get_service_ticket(335) get_service_ticket: kerberos_kinit_password [EMAIL PROTECTED]@WESTAM-US.CORP failed: Client not found in Kerberos database Bus Error I have an account created in the active directory server, so I have no idea why its coming back with Client not found. Does the repetition of the realm (i.e. [EMAIL PROTECTED]) make sense? If that is what is causing the server to deny the kerberos certificate, where would I look to find the replication? Also, what would cause the bus error warning? Thank you in advance -- Ryan Worthington "Difficile est satiram non scribere." This message is confidential and may be privileged. It is intended solely for the named addressee. If you are not the intended recipient please inform us. Any unauthorised dissemination, distribution or copying hereof is prohibited. As we cannot guarantee the genuineness or completeness of the information contained in this message, the statements set forth above are not legally binding. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] password synch with Active Directory and v. 2.0.9
Good morning Samba mailing list. I have found myself suddenly thrown at a Samba problem, and I have been unable to find the answer I need in the documentation. I did find some interesting tidbits on the Samba 2.X trouble shooting guide, but the issue still remains. I'm running Samba 2.0.9 on Solaris 7 and Windows 2000 with Active Directory on some sort of Dell hardware. For the most part, the samba shares work just fine. Windows users (running XP clients) are able to access directories on the Sun box with a minimum of fuss. However, when their windows password gets changed, they are no longer able to authenticate until I manually change their password in smbpasswd. Is there a way to automate this in Samba 2.0.9? I've spoken with a few administrators who use Samba 3.x, and they have said that winbindd does this exact thing, however I cannot upgrade at this time. I've included the global section of my smb.conf for your perusal. [global] netbios name = GOOSE server string = Samba %v on %L security = domain workgroup = WESTAM-US password server = ads-02 encrypt passwords = Yes map to guest = Bad User log file = /opt/local/samba/var/log/log.%m max log size = 1000 name resolve order = wins lmhosts host bcast socket options = TCP_NODELAY IPTOS_LOWDELAY wins server = 172.17.0.6 printing = bsd print command = /usr/bin/lp -r -d %p %s preserve case = yes # hosts allow = 172.17.0.0/255.255.0.0 EXCEPT 172.17.2.37 Thank you in advance for any advice, and I hope this isn't one of those RTFM situations. -- Ryan Worthington Systems and Network Analyst IT Infrastructure Team WestAM - Houston, TX 713-963-5315 "Difficile est satiram non scribere." This message is confidential and may be privileged. It is intended solely for the named addressee. If you are not the intended recipient please inform us. Any unauthorised dissemination, distribution or copying hereof is prohibited. As we cannot guarantee the genuineness or completeness of the information contained in this message, the statements set forth above are not legally binding. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba