I've set up a Fedora Core 4 server to be a file server, among other
things, to a mostly-Windows network. The Windows server I'm using to
authenticate against is a fully-patched Windows 2003 Small Business
server. I've used as many tutorials online as I can find. However,
once the server joins the domain and a share has been created, I am
bombarded with constant login prompts to view the share, no matter what
username/password I use. I'm never able to map/view the share.


I've gotten the box to join the Windows domain:


[root@server ~]# net ads join -U username
username's password:
[2006/02/03 14:18:39, 0] libads/ldap.c:ads_add_machine_acct(1405)
  ads_add_machine_acct: Host account for server already exists - modifying old account
Using short domain name -- DOMAIN
Joined 'SERVER' to realm 'DOMAIN.LOCAL'


I've been able to initialize the user:


[root@server ~]# kinit username
Password for username@DOMAIN.LOCAL:
[root@server ~]#


I've been able to view the klist data:


[root@server ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: username@DOMAIN.LOCAL

Valid starting     Expires            Service principal
02/03/06 14:23:17  02/04/06 00:23:19  krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL
        renew until 02/04/06 14:23:17

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached


I've been able to use smbclient to view a default admin share on another
server (IE: smbclient //servername/c$). I've used wbinfo -u and wbinfo
-g to view the live list of domain users and groups. I can view net ads
information as such:


[root@server ~]# net ads info
LDAP server:
LDAP server name: ad-server
Bind Path: dc=DOMAIN,dc=LOCAL
LDAP port: 389
Server time: Fri, 03 Feb 2006 14:35:00 GMT
KDC server:
Server time offset: 0


No matter what I've tried to do, I cannot view the shares on the Samba
server from any other Windows box. I've dug through every web link I can
find online. Every link I can dig up through Google now is marked as
read. Below are my configuration files. Any ideas? I would appreciate
any help.





Server Information ( /proc/version ):

Fedora Core 4
Linux version 2.6.14-1.1656_FC4smp ( (gcc version 4.0.2 20051125 (Red Hat 4.0.2-8)) #1 SMP Thu Jan 5 22:26:33 EST 2006



Version: 3.0.14a-2


#======================= Global Settings =========================

workgroup = domain
server string = Resources Device
log file = /var/log/samba/smb.%m.log
max log size = 500

password server = ad-server.domain.local
security = ADS
encrypt passwords = yes

client signing = yes
#use kerberos keytab = true
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind use default domain = yes
winbind nested groups = yes
# winbind trusted domains only = no

#ldap idmap suffix = ou=Idmap,dc=domain,dc=local

local master = no
domain master = no
preferred master = no
dns proxy = no


#============================ Share Definitions =========================

comment = General User Drive
path = /path/to/share
public = yes
browseable = yes
writeable = yes
valid users = @"domain users"
force user = %S



Version: krb5-libs-1.4-3



default_realm = DOMAIN.LOCAL
default_keytab_name = FILE:/etc/krb5.keytab
default_lookup_realm = true
default_lookup_kdc = true

kdc = ad-server.domain.local

.domain.local = DOMAIN.LOCAL



Repeating Error Log Message from /var/log/samba/smb.X.X.X.X.log

This error is generated every time I try to view the share information
on the samba server:


[2006/02/03 14:49:59, 1] libads/kerberos_verify.c:ads_verify_ticket(324)
  ads_verify_ticket: krb5_get_server_rcache failed (Permission denied in replay cache code)
[2006/02/03 14:49:59, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!


No other logs are generating any worthwhile errors.


