Re: [Samba] starnge Auth problem in w2k Domain with ADS

This is a discussion on Re: [Samba] starnge Auth problem in w2k Domain with ADS within the Samba forums, part of the Networking and Network Related category; -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Anders Berg wrote: | Hi Christoph, | | you have come to the wrong group. Not that ...


Go Back   Usenet Forums > Networking and Network Related > Samba

Reload this Page Re: [Samba] starnge Auth problem in w2k Domain with ADS

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 05-12-2004
Gerald
 
Posts: n/a
Default Re: [Samba] starnge Auth problem in w2k Domain with ADS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Anders Berg wrote:
| Hi Christoph,
|
| you have come to the wrong group. Not that this
| question does not belong here, its just that nobody is
| willing to answer it!
|
| 4 questions so far in May have been about this topic
| (mine: http://lists.samba.org/archive/samba...ay/085521.html) ,
| and many more earlier months. And there are surprisingly
| few replys.
|
| I _don't_ think it's because it's a RTFM question, or is
| adressed in such detail so many times that people just can't
| be bothered answering it. I think its because they don't wanna
| touch it (they meaning the people that have written/worked with
| these parts of Samba)!
....
| I used both Heimdal 0.6.2 (I have a 2003 server I auth.
| gainst, and the Samba docs say that Heimdal must be used with 2003.)
| and the MIT 1.3.3 kerbos and both 3.0.3 and 3.0.4 Samba.
|
| I see that one person has sendt a "Me too" mail in reply
| to you already. :)
|
| Will the real Samba community please stand up?!

I'll assume that your not just trolling for an answer.

For the record, you will always have better luck with
MIT krb5 1.3.x and Heimdal 0.6.1 or later. Both supprt
the type 23 enc type used by Windows 200x.

There are a couple of likely reasons why you are prompted
for a password:

(a) the krb5 ticket cannot be verfied (possibly due to
an improper kerberos setup on the Samba box)
(b) getpwnam() fails for the user (see logs for instances
of 'Gwt_Pwnam did not')

If you can connect to the share using the server's IP
address but IP address, this is indicative of a krb5
configuration error somewhere. When usiong the IP address,
the client will revert to the NTLMSSP mechanism during
session setup (rather than sending a krb5 ticket).



cheers, jerry
- ----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAoiiBIR7qMdg1EfYRAqEfAKDUJcAixHjuvoZE4vGL1Y Yk4oMLXgCgofYP
dSNA4Je5YQ0MIiY6dTeHyS0=
=mqvS
-----END PGP SIGNATURE-----
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 04:03 AM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0