Very similar (if not identical) to bug 1406. Trying to use a samba install as a MSDFS root. \\servername\dfs\<dfslink> does not work and \\serverip\dfs\<dfslink> works. Samba - 3.0.22 and Active Directory 2003 Domain - no winbind.
Created attachment 1979 [details] smb startup log with debug 10 startup of smb.log file with debug 10 (it also has 1 case of failure)
Created attachment 1980 [details] failed attempt log
Created attachment 1981 [details] success attempt log
anyone ?
Almost certainly the problem is this (from your log) : [2006/06/23 12:38:46, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(249) ads_secrets_verify_ticket: enc type [18] failed to decrypt with error Bad encryption type [2006/06/23 12:38:46, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(249) ads_secrets_verify_ticket: enc type [17] failed to decrypt with error Bad encryption type [2006/06/23 12:38:46, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(249) ads_secrets_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type [2006/06/23 12:38:46, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(249) ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed [2006/06/23 12:38:46, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(249) ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type [2006/06/23 12:38:46, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(249) ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Bad encryption type [2006/06/23 12:38:46, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(249) ads_secrets_verify_ticket: enc type [2] failed to decrypt with error Bad encryption type [2006/06/23 12:38:46, 10] passdb/secrets.c:secrets_named_mutex_release(821) secrets_named_mutex: released mutex for replay cache mutex [2006/06/23 12:38:46, 3] libads/kerberos_verify.c:ads_verify_ticket(378) ads_verify_ticket: krb5_rd_req with auth failed (Success) [2006/06/23 12:38:46, 1] smbd/sesssetup.c:reply_spnego_kerberos(197) Failed to verify incoming ticket! [2006/06/23 12:38:46, 3] smbd/error.c:error_packet(146) error packet at smbd/sesssetup.c(199) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2006/06/23 12:38:46, 5] lib/util.c:show_msg(454) [2006/06/23 12:38:46, 5] lib/util.c:show_msg(464) Your kerberos logins are failing, your NTLM ones are probably succeeding. This is consistent with \\name failing (it'll try and use krb5) and \\ip succeeding (it will automatically use NTLM). Fix your kerberos problem and the dfs will work. Jeremy.
I upgraded the kerberos to the latest version and go over those errors. still no dice. I will be posting my logs again. plz watch out for them.
What I'm trying to tell you is that this isn't an msdfs bug. It's a configuration issue probably with the way you've set up kerberos. I'm not closing this bug immediately on the off chance there's something more here but if you keep posting logs with krb5 logon errors I'm just going to point you at the mailing lists to get that fixed and close this bug. Fix your kerberos issues first, then we can talk about other problems. Jeremy.
Point taken Jeremy. I was planning on doing that in the first place (posting non-kerberos messages). your help is much appreciated ! rajeev p.s: and thx much leaving the ticket open too!
Jeremy I got rid of all the kerberos errors and noticed that I was still not able to follow the dfs links. I am seeing very similar results to the ones deposited in bug # 3651. *** This bug has been marked as a duplicate of 3651 ***
If you're still having problems after getting rid of the krb5 error please post the logs showing this. I need to see what is going wrong before I can do anything about this. Jeremy.
Created attachment 2022 [details] samba startup with d10
Created attachment 2023 [details] failed attempt to access a dfs link
smbclient test ============== a) TEST 1 - DFS link is to a \\server\share\path [root@ibrix2 samba]# /usr/local/samba/bin/smbclient -k //ibrix2/dfs OS=[Unix] Server=[Samba 3.0.23rc3] smb: \> dir . D 0 Fri Jul 7 12:45:37 2006 .. D 0 Mon Jun 26 23:23:09 2006 annotation D 0 Wed Jun 28 09:57:41 2006 IT D 0 Wed Jun 28 09:54:22 2006 40317 blocks of size 262144. 22131 blocks available smb: \> cd IT Connection to nfsa.tigr.org\IFX failed Unable to follow dfs referral [//nfsa.tigr.org\IFX/IT] cd \IT\: NT_STATUS_PATH_NOT_COVERED b) TEST 2 -- DFS Links is to a \\server\share smb: \> dir . D 0 Fri Jul 7 12:45:37 2006 .. D 0 Mon Jun 26 23:23:09 2006 annotation D 0 Wed Jun 28 09:57:41 2006 IT D 0 Wed Jun 28 09:54:22 2006 40317 blocks of size 262144. 22131 blocks available smb: \> cd annotation smb: \annotation\> ls ~snapshot DH 0 Fri Jul 7 12:00:36 2006 TTT D 0 Tue Jul 26 14:30:51 2005 <<content truncated>> Do these logs help ? rajeev
Jeremy Perhaps you can tell me what sequence of steps to take for log generation and I can get them for you. rajeev