I've spent the last couple of days following the HOW-TO's on how to
make a Linux server running Samba part of a Windows 2003 Active
Directory, and a lot of supplemental research from these groups and
elsewhere, but now I'm totally stuck and I can't seem to find the
Basically, most of the configuration seems to be working:
- The Linux box is showing up in "Active Directory Users and
- "getent group" and "getent passwd" also show the Active Directory
groups and users.
- "kinit" appears to run OK, it asks for the password of the specified
user and then finishes with no further messages or errors displayed.
- "klist" shows the following:
    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal: <username removed>@OFFICE.GROOVYTRAIN.COM

    Valid starting     Expires            Service principal
    02/22/05 20:21:42  02/23/05 06:21:27
- "net ads join" runs successfully:
    [2005/02/23 11:43:54, 0] libads/ldap.c:ads_add_machine_acct(1405)
      ads_add_machine_acct: Host account for eastlondon already exists - modifying old account
    Using short domain name -- OFFICE
    Joined 'EASTLONDON' to realm 'OFFICE.GROOVYTRAIN.COM'
- "wbinfo -g" returns the list of Active Directory groups.
- "wbinfo -u" returns the list of Active Directory users.
- I can use "smbclient -k" to connect to shares on the Windows
machines without requiring a username and password.
However, I can't access the Samba shares from the Windows machines
(both Windows 2000 and Windows 2003).
Using "c:\>net use W: \\eastlondon\www" produces the following output:
    The password or user name is invalid for \\eastlondon\www.
    Enter the user name for 'eastlondon': XXXX@XXXXX.COM
    Enter the password for eastlondon:
    System error 1326 has occurred.
    Logon failure: unknown user name or bad password.
And creates the following entries in "log.smbd":
    [2005/02/23 11:50:39, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
      Username OFFICE+<username removed> is invalid on this system
And in "log.winbindd":
    [2005/02/23 12:00:32, 1]
      user '<username removed>' does not exist
Using "c:\>net use W: \\<ip address removed>\www" produces the
    Enter the user name for '<ip address removed>': jamesg
    Enter the password for <ip address removed>:
    System error 1311 has occurred.
    There are currently no logon servers available to service the logon
It creates nothing in "log.smbd", but creates the following entries in
    [2005/02/23 12:12:00, 0] libsmb/smb_signing.c:signing_good(240)
      signing_good: BAD SIG: seq 1
    [2005/02/23 12:12:00, 0] libsmb/clientgen.c:cli_receive_smb(121)
      SMB Signature verification failed on incoming packet!
The following error is generated in the System Log on the Active
    While processing a TGS request for the target server
    host/eastlondon.groovytrain.com, the account
    EASTLONDON$@OFFICE.GROOVYTRAIN.COM did not have a suitable key for
    generating a Kerberos ticket (the missing key has an ID of 8). The
    requested etypes were 16. The accounts available etypes were 3 1.
I'm using Samba 3.0.11 and MIT Kerberos 1.2.7 on Red Hat 9.
My krb5.conf is as follows:
default = FILE:/var/log/krb5libs.log