beakerman n00b

Joined: 18 Jul 2005 Posts: 17
Posted: Wed Jul 20, 2005 2:01 pm Post subject: Krb5 Error
Okay, got Samba shares; they are able to be seen from my W2K box. I followed the instructions under the howto add a samba server to an existing AD domain and have completed it successfully. My wbinfo -g, wbinfo -u ... etc. are all working. However, when I go to browse the share from my W2K box I get prompted for a username and password instead of it using the credentials via winbind. I see an error in my samba directory for the server I am coming from and it says unable to verify incoming ticket ?? I am running mit-krb5 1.4 and googled for that error but none seem to fix my issue. My smb.conf is as follows:
[global]
workgroup = FMCV3
netbios name = pdfserver
hosts allow = 10.255.255.
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind separator = +
os level = 20
winbind enum groups = yes
security = ADS
encrypt passwords = yes
realm = FMCV3.ORG
password server = *
log file = /var/log/samba.%m
printing = bsd
preferred master = no
dns proxy = no
client schannel = no
[PDF Share]
path = /shr
browseable = yes
writeable = yes
guest ok = yes
force user = nobody
[pdf printer]
path = /tmp
printable = yes
writable = yes
guest ok = yes
print command = /nobodyscript/printpdf %s
lpq command =
lprm command =
My nsswitch.conf is:
passwd: compat winbind
shadow: compat
group: compat winbind
hosts: files wins dns
networks: files
If you need any other info let me know, as I can post it.
abryantsev n00b

Joined: 08 Apr 2005 Posts: 5 Location: Ukraine, Odessa
Posted: Wed Jul 20, 2005 4:22 pm
Hi!
First of all, if you want to authenticate in AD against Kerberos you should put the -k option in the smbclient string.
root# smbclient -L W2Kstation -k
or you will be prompted for a password.
If it says that your ticket has expired then you should get a new ticket
root# kinit ADMINISTRATOR@YOUR.DOMAIN
Password:
The klist command can show you your ticket expirations.
If everything works properly you will get a new ticket to authenticate against Kerberos in AD.
Winbind maps AD users and groups into the Linux environment but it does not exclude password prompting.
beakerman n00b

Joined: 18 Jul 2005 Posts: 17
Posted: Wed Jul 20, 2005 5:30 pm
When I do the kinit it does issue me a new ticket. However, I am wanting the W2K box to access a Samba share on my Linux box. Maybe I am just misunderstanding your answer ??
abryantsev n00b

Joined: 08 Apr 2005 Posts: 5 Location: Ukraine, Odessa
Posted: Wed Jul 20, 2005 6:02 pm
Sorry, I misunderstood your post. You cannot get access to Samba shares. I am experiencing a similar problem, but I cannot even browse available shares on my Linux Samba server.
Code: |
Gentoo samba # smbclient -L gentoo -U andrew
Password:
tree connect failed: ERRDOS - ERRnoaccess (Access denied.)
|
The same from the W2k, XP clients.
It happened after I compiled Samba with kerberos/ldap/winbind support, I guess.
beakerman n00b

Joined: 18 Jul 2005 Posts: 17
Posted: Wed Jul 20, 2005 6:07 pm
I know it's possible as I had it working. I just need to rebuild, i.e. I have made too many changes because I couldn't browse to my server.