Greetings,

I've set up a Fedora Core 4 server to be a file server, among other
things, to a mostly-Windows network. The Windows server I'm using to
authenticate against is a fully-patched Windows 2003 Small Business
server. I've used as many tutorials online as I can find. However,
once the server joins the domain and a share has been created, I am
bombarded with constant login prompts to view the share, no matter what
the username/password I use. I'm never able to map/view the share.

I've gotten the box to join the Windows domain:

[root@server ~]# net ads join -U username
username's password:
[2006/02/03 14:18:39, 0] libads/ldap.c:ads_add_machine_acct(1405)
  ads_add_machine_acct: Host account for server already exists - modifying old account
Using short domain name -- DOMAIN
Joined 'SERVER' to realm 'DOMAIN.LOCAL'

I've been able to initialize the user:

[root@server ~]# kinit username
Password for username@DOMAIN.LOCAL:
[root@server ~]#

I've been able to view the klist data:

[root@server ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: username@DOMAIN.LOCAL

Valid starting     Expires            Service principal
02/03/06 14:23:17  02/04/06 00:23:19  krbtgt/ DOMAIN.LOCAL@DOMAIN.LOCAL
        renew until 02/04/06 14:23:17


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

I've been able to use smbclient to view a default admin share on another
server (IE: smbclient //servername/c$). I've used wbinfo -u and wbinfo
-g to view the live list of domain users and groups. I can view net ads
information as such:

[root@server ~]# net ads info
LDAP server: 10.34.1.20
LDAP server name: ad-server
Realm: DOMAIN.LOCAL
Bind Path: dc=DOMAIN,dc=LOCAL
LDAP port: 389
Server time: Fri, 03 Feb 2006 14:35:00 GMT
KDC server: 10.34.1.20
Server time offset: 0

No matter what I've tried to do, I cannot view the shares on the Samba
server from any other Windows box. I've dug through every web link I can
find online. Every link I can dig up through Google now is marked as
read. Below are my configuration files. Any ideas? I would appreciate
any help.

Thanks,

Ryan

Server Information ( /proc/version ):

Fedora Core 4
Linux version 2.6.14-1.1656_FC4smp (bhcompile@hs20-bc1-4.build.redhat.com) (gcc version 4.0.2 20051125 (Red Hat 4.0.2-8)) #1 SMP Thu Jan 5 22:26:33 EST 2006

/etc/samba/smb.conf:

Version: 3.0.14a-2

#======================= Global Settings =====================================
[global]

    workgroup = domain
    server string = Resources Device
    log file = /var/log/samba/smb.%m.log
    max log size = 500

    realm = DOMAIN.LOCAL
    password server = ad-server.domain.local
    security = ADS
    encrypt passwords = yes

    client signing = yes
    #use kerberos keytab = true
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    winbind uid = 10000-20000
    winbind gid = 10000-20000
    winbind separator = +
    winbind enum users = yes
    winbind enum groups = yes
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind use default domain = yes
    winbind nested groups = yes
    # winbind trusted domains only = no

    #ldap idmap suffix = ou=Idmap,dc=domain,dc=local

    local master = no
    domain master = no
    preferred master = no
    dns proxy = no

#============================ Share Definitions ==============================

[ZeeDrive]
    comment = General User Drive
    path = /path/to/share
    public = yes
    browseable = yes
    writeable = yes
    valid users = @"domain users"
    force user = %S

/etc/krb5.conf

Version: krb5-libs-1.4-3

[libdefaults]
    default_realm = DOMAIN.LOCAL
    default_keytab_name = FILE:/etc/krb5.keytab
    default_lookup_realm = true
    default_lookup_kdc = true

[realms]
    DOMAIN.LOCAL = {
        kdc = ad-server.domain.local
    }

[domain_realms]
    .domain.local = DOMAIN.LOCAL

Repeating Error Log Message from /var/log/samba/smb.X.X.X.X.log

This error is generated every time I try to view the share information
on the samba server:

[2006/02/03 14:49:59, 1] libads/kerberos_verify.c:ads_verify_ticket(324)
  ads_verify_ticket: krb5_get_server_rcache failed (Permission denied in replay cache code)
[2006/02/03 14:49:59, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!

No other logs are generating any worthwhile errors.

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba