Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#7237 - samba upgrade from 3.0.24 to 3.0.25 breaks authentication
Attached to Project:
Arch Linux
Opened by hypermegachi (hypermegachi) - Tuesday, 22 May 2007, 17:05 GMT
Last edited by Tobias Powalowski (tpowa) - Friday, 25 May 2007, 18:30 GMT
Opened by hypermegachi (hypermegachi) - Tuesday, 22 May 2007, 17:05 GMT
Last edited by Tobias Powalowski (tpowa) - Friday, 25 May 2007, 18:30 GMT
|
Detailsi get the following error messages...
[2007/05/22 12:57:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(202) Failed to verify incoming ticket! [2007/05/22 12:57:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(202) Failed to verify incoming ticket! [2007/05/22 12:57:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(202) Failed to verify incoming ticket! [2007/05/22 12:57:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(202) Failed to verify incoming ticket! [2007/05/22 12:58:33, 1] smbd/sesssetup.c:reply_spnego_kerberos(316) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! [2007/05/22 12:58:33, 1] smbd/sesssetup.c:reply_spnego_kerberos(316) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! [2007/05/22 12:58:33, 1] smbd/sesssetup.c:reply_spnego_kerberos(316) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! downgrading back to 3.0.24 fixed all problems. i see that heimdal is out of date...new version on is 0.8.1, where on arch it's still 0.7.2. so i guess it's possible that this is the problem. i'll give ABS a try and see if that fixes things. |
This task depends upon
the heimdal in ABS appears to be heavily patched, so i won't have a clue about what i'm doing.
i'll keep using 3.0.24 until you guys figure this out or if it's an upstream fix. thanks.
i've never used smbpasswd, since i'm using ads.
here's my config files, if it'll help.
krb5.conf
-------------------
[libdefaults]
default_realm = HQ.COMPANY.COM
[realms]
HQ.COMPANY.COM = {
kdc = 192.168.100.1
}
[domain_realm]
.hq.company.com = HQ.COMPANY.COM
hq.company.com = HQ.COMPANY.COM
-------------------
smb.conf
-------------------
[global]
log file = /var/log/samba/log.%m
encrypt passwords = yes
realm = HQ.COMPANY.COM
server string = Samba Server
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind separator = +
winbind nested groups = yes
workgroup = WORKGROUP
security = ADS
preferred master = no
dns proxy = no
wins proxy = no
auth methods = winbind
max log size = 50
log level = 1
-------------------
the only difference, 32bit vs 64bit.
how do i "reset" samba completely?
the "force group" and/or "force user" in smb.conf is the difference between it working and not working.
lol...no idea what that means.
anyways, i think this is more samba side than arch side. i have a bug going in their bugzilla, so you can close this one.
oh, and minor feature request: it'd be nice to have /etc/conf.d/samba in the BACKUP=() in the next build. that way, people who use winbind don't have to keep changing it each upgrade to have it start in the daemon. thanks.