Samba in Windows 2003 Active Directory domain - cannot access Samba shares

Samba in Windows 2003 Active Directory domain - cannot access Samba shares

Post by james.gard » Thu, 24 Feb 2005 22:21:57


ello,

I've spent the last couple of days following the HOW-TO's on how to
make a Linux server running Samba part of a Windows 2003 Active
Directory, and a lot of supplemental research from these groups and
elsewhere, but now I'm totally stuck and I can't seem to find the
answer anywhere.

Basically, most of the configuration seems to be working:

- The Linux box is showing up in "Active Directory Users and
Computers".

- "getent group" and "getent passwd" also show the Active Directory
groups and users.

- "kinit" appears to run OK, it asks for the password of the specified
user and then finishes with no further messages or errors displayed.

- "klist" shows the following:

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: <username removed>@OFFICE.GROOVYTRAIN.COM

Valid starting Expires Service principal
02/22/05 20:21:42 02/23/05 06:21:27
kbtgt/ XXXX@XXXXX.COM

- "net ads join" runs successfully:

[2005/02/23 11:43:54, 0] libads/ldap.c:ads_add_machine_acct(1405)
ads_add_machine_acct: Host account for eastlondon already exists -
modifying old account
Using short domain name -- OFFICE
Joined 'EASTLONDON' to realm 'OFFICE.GROOVYTRAIN.COM'

- "wbinfo -g" returns the list of Active Directory groups.

- "wbinfo -u" returns the list of Active Directory users.

- I can use "smbclient -k" to connect to shares on the Windows
machines without requiring a username and password.

However, I can't access the Samba shares from the Windows machines
(both Windows 2000 and Windows 2003).

Using "c:\>net use W: \\eastlondon\www" produces the following output:

The password or user name is invalid for \\eastlondon\www.

Enter the user name for 'eastlondon': XXXX@XXXXX.COM
Enter the password for eastlondon:
System error 1326 has occurred.

Logon failure: unknown user name or bad password.

And creates the following entries in "log.smbd":

[2005/02/23 11:50:39, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username OFFICE+<username removed> is invalid on this system

And in "log.winbindd":

[2005/02/23 12:00:32, 1]
nsswitch/winbindd_user.c:winbindd_getpwnam(161)
user '<username removed>' does not exist

Using "c:\>net use W: \\<ip address removed>\www" produces the
following output:

Enter the user name for '<ip address removed>': jamesg
Enter the password for <ip address removed>:
System error 1311 has occurred.

There are currently no logon servers available to service the logon
request.

It creates nothing in "log.smbd", but creates the following entries in
"log.winbindd":

[2005/02/23 12:12:00, 0] libsmb/smb_signing.c:signing_good(240)
signing_good: BAD SIG: seq 1
[2005/02/23 12:12:00, 0] libsmb/clientgen.c:cli_receive_smb(121)
SMB Signature verification failed on incoming packet!

The following error is generated in the System Log on the Active
Directory controller:

While processing a TGS request for the target server
host/eastlondon.groovytrain.com, the account
EASTLONDON$@OFFICE.GROOVYTRAIN.COM did not have a suitable key for
generating a Kerberos ticket (the missing key has an ID of 8). The
requested etypes were 16. The accounts available etypes were 3 1.

I'm using Samba 3.0.11 and MIT Kerberos 1.2.7 on Redhat 9.

My krb5.conf is as follows:

[logging]
default = FILE:/var/log/krb5libs.log
k
 
 
 

1. Cannot access SAMBA Shares from Windows 2003 Servers

2. lost access to several parts of a samba share after upgrading samba

Hello!

I upgraded samba from 2.2.3a-12.3 to 3.0.2-1.2 on my server side
(linux debian woody with several sid backports, including samba)
yesterday.

Since, I don't have access anymore to dirs on remote filesystem
which are symbolic links pointing to another filesystem when
I use smbmount on the client side (linux debian sid). The error
message is something like "no such file or dir". I can't change
to those dirs, nor list files, etc.

OTOH, i can acces those remote dirs if I use smbclient, or if I
use windows as the client. I can change dirs, manipulate files, etc.
All is like it was before upgrading.

I remember I had to switch from nfs to samba 2.2 some times ago
precisely because nfs didn't allow me to access symbolic links
pointing to another filesystem. Samba 2.2 did. And now samba
3.0 doesn't. So I'm back with the original problem again.
Samba 3.0 doesn't, by default, allow me to access whatever nfs
wouldn't allow me to. Any way to defeat this?

3. Please Advise: How to join a RedHat 9.0 samba server into Windows 2003 Active Directory

4. Mac OS X file copy error in samba share on a samba-share

5. Best Distro for Samba PDC + Squid Authenication to Samba PDC + Samba File Server

6. Samba 3.0 as Active Directory Domain Controller with MIT Kerberos 1.3 KDC?

7. Samba to Active Directory domain workstation migration

8. Samba 3.0beta2 -> Samba 3.0beta2 Domain Trust relationship

9. Samba and samba-domain

10. trust between Windows 2003 Active Directory domain and Windows NT domain

11. A few questions regarding samba from a samba and windows rookie

12. eigene web domain kostenlose domain registrierung domain driven design homepage de domain samba domain

13. how to move files to 2003 AD domain from Samba domain

14. fm domain com domain verwaltung eine domain kaufen samba domain controller eine domain kaufen

15. SAMBA 3.0.9; WINDOWS 2003; PERMISSION DENIED ON MOUNTED SHARE