here are some of the error messages i get in the logs: [2007/05/22 12:57:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(202) Failed to verify incoming ticket! [2007/05/22 12:57:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(202) Failed to verify incoming ticket! [2007/05/22 12:57:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(202) Failed to verify incoming ticket! [2007/05/22 12:57:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(202) Failed to verify incoming ticket! [2007/05/22 12:58:33, 1] smbd/sesssetup.c:reply_spnego_kerberos(316) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! [2007/05/22 12:58:33, 1] smbd/sesssetup.c:reply_spnego_kerberos(316) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! [2007/05/22 12:58:33, 1] smbd/sesssetup.c:reply_spnego_kerberos(316) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! downgrading to 3.0.24 fixed all these problems. i'm using heimdal version 0.7.2. kinit, wbinfo -u/g, net ads join/status/info/nslookup, all work fine with both versions. with 3.0.25, i can see the shares, but once i try to go into the folder, a login dialog pops up. it will auto-fill the correct domain if i leave it blank, but i can never log in even with the correct password. the dialog keeps coming back up. here are my config files: here's my config files, if it'll help. krb5.conf ------------------- [libdefaults] default_realm = HQ.COMPANY.COM [realms] HQ.COMPANY.COM = { kdc = 192.168.100.1 } [domain_realm] .hq.company.com = HQ.COMPANY.COM hq.company.com = HQ.COMPANY.COM ------------------- smb.conf ------------------- [global] log file = /var/log/samba/log.%m encrypt passwords = yes realm = HQ.COMPANY.COM server string = Samba Server idmap uid = 10000-20000 idmap gid = 10000-20000 winbind use default domain = yes winbind enum users = yes winbind enum groups = yes winbind separator = + winbind nested groups = yes workgroup = WORKGROUP security = ADS preferred master = no dns proxy = no wins proxy = no auth methods = winbind max log size = 50 log level = 1 ------------------- thanks.
Please retest 3.0.25a (released about 10 hours ago) since there were several important bug fixes in that release wrt to parsing and SID translation. Thanks. However, failing to verify the ticket is pretty much a basic Krb5 operations. I would also suggest that you up the log level to 10 and see if there is any other indication of the reason for the failure. This all works completely fine for me.
hi, an upgrade to 3.0.25a didn't seem to address the issue. i pumped up the log level to 10. and here's what the winbind log says. Retrieving response for pid 17373 [2007/05/25 11:26:43, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17375 [2007/05/25 11:26:43, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545) winbindd_sid2gid_async: Resolving S-1-5-21-3545174525-3026908259-101944694-513 to a gid [2007/05/25 11:26:43, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17375 [2007/05/25 11:26:45, 6] nsswitch/winbindd.c:new_connection(625) accepted socket 22 [2007/05/25 11:26:45, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn INTERFACE_VERSION [2007/05/25 11:26:45, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491) [ 0]: request interface version [2007/05/25 11:26:45, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2007/05/25 11:26:45, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524) [ 0]: request location of privileged pipe [2007/05/25 11:26:45, 6] nsswitch/winbindd.c:new_connection(625) accepted socket 26 [2007/05/25 11:26:45, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn LIST_GROUPS [2007/05/25 11:26:45, 3] nsswitch/winbindd_group.c:winbindd_list_groups(1162) [ 0]: list groups [2007/05/25 11:26:45, 4] nsswitch/winbindd_group.c:get_sam_group_entries(854) get_sam_group_entries: BUILTIN or local domain; enumerating local groups as well [2007/05/25 11:26:45, 5] passdb/pdb_interface.c:smb_register_passdb(68) Attempting to register passdb backend ldapsam [2007/05/25 11:26:45, 5] passdb/pdb_interface.c:smb_register_passdb(81) Successfully added passdb backend 'ldapsam' [2007/05/25 11:26:45, 5] passdb/pdb_interface.c:smb_register_passdb(68) Attempting to register passdb backend ldapsam_compat [2007/05/25 11:26:45, 5] passdb/pdb_interface.c:smb_register_passdb(81) Successfully added passdb backend 'ldapsam_compat' [2007/05/25 11:26:45, 5] passdb/pdb_interface.c:smb_register_passdb(68) Attempting to register passdb backend NDS_ldapsam [2007/05/25 11:26:45, 5] passdb/pdb_interface.c:smb_register_passdb(81) Successfully added passdb backend 'NDS_ldapsam' [2007/05/25 11:26:45, 5] passdb/pdb_interface.c:smb_register_passdb(68) Attempting to register passdb backend NDS_ldapsam_compat [2007/05/25 11:26:45, 5] passdb/pdb_interface.c:smb_register_passdb(81) Successfully added passdb backend 'NDS_ldapsam_compat' [2007/05/25 11:26:45, 5] passdb/pdb_interface.c:smb_register_passdb(68) Attempting to register passdb backend smbpasswd [2007/05/25 11:26:45, 5] passdb/pdb_interface.c:smb_register_passdb(81) Successfully added passdb backend 'smbpasswd' [2007/05/25 11:26:45, 5] passdb/pdb_interface.c:smb_register_passdb(68) Attempting to register passdb backend tdbsam [2007/05/25 11:26:45, 5] passdb/pdb_interface.c:smb_register_passdb(81) Successfully added passdb backend 'tdbsam' [2007/05/25 11:26:45, 5] passdb/pdb_interface.c:make_pdb_method_name(121) Attempting to find an passdb backend to match smbpasswd (smbpasswd) [2007/05/25 11:26:45, 5] passdb/pdb_interface.c:make_pdb_method_name(142) Found pdb backend smbpasswd [2007/05/25 11:26:45, 5] passdb/pdb_interface.c:make_pdb_method_name(153) pdb backend smbpasswd has a valid init [2007/05/25 11:26:45, 4] nsswitch/winbindd_group.c:get_sam_group_entries(863) get_sam_group_entries: Returned 2 local groups [2007/05/25 11:26:45, 4] nsswitch/winbindd_group.c:get_sam_group_entries(854) get_sam_group_entries: BUILTIN or local domain; enumerating local groups as well [2007/05/25 11:26:45, 3] nsswitch/winbindd_group.c:get_sam_group_entries(859) get_sam_group_entries: Failed to enumerate domain local groups! [2007/05/25 11:26:45, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(465) refresh_sequence_number: WORKGROUP time ok [2007/05/25 11:26:45, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(499) refresh_sequence_number: WORKGROUP seq number is now 1436633 [2007/05/25 11:26:45, 10] nsswitch/winbindd_cache.c:enum_dom_groups(1234) enum_dom_groups: [Cached] - doing backend query for list for domain WORKGROUP [2007/05/25 11:26:45, 3] nsswitch/winbindd_ads.c:enum_dom_groups(275) ads: enum_dom_groups [2007/05/25 11:26:45, 10] nsswitch/winbindd_ads.c:ads_cached_connection(46) ads_cached_connection [2007/05/25 11:26:45, 7] nsswitch/winbindd_ads.c:ads_cached_connection(59) Current tickets expire in 35994 seconds (at 1180142799, time is now 1180106805) [2007/05/25 11:26:45, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64) Search for (&(objectCategory=group)(&(groupType:dn:1.2.840.113556.1.4.803:=-2147483648)(!(groupType:dn:1.2.840.113556.1.4.803:=1)))) in <dc=HQ,dc=COMPANY,dc=COM> gave 34 replies [2007/05/25 11:26:45, 3] nsswitch/winbindd_ads.c:enum_dom_groups(363) ads enum_dom_groups gave 34 entries [2007/05/25 11:26:45, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(465) refresh_sequence_number: WORKGROUP time ok [2007/05/25 11:26:45, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(499) refresh_sequence_number: WORKGROUP seq number is now 1436633 [2007/05/25 11:26:46, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn GETPWNAM [2007/05/25 11:26:46, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [ 0]: getpwnam Administrator [2007/05/25 11:26:46, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17373 [2007/05/25 11:26:46, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17373 [2007/05/25 11:26:46, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17375 [2007/05/25 11:26:46, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545) winbindd_sid2gid_async: Resolving S-1-5-21-3545174525-3026908259-101944694-513 to a gid [2007/05/25 11:26:46, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17375 [2007/05/25 11:26:50, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn GETPWNAM [2007/05/25 11:26:50, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [ 0]: getpwnam Administrator [2007/05/25 11:26:50, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17373 [2007/05/25 11:26:50, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17373 [2007/05/25 11:26:50, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17375 [2007/05/25 11:26:50, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545) winbindd_sid2gid_async: Resolving S-1-5-21-3545174525-3026908259-101944694-513 to a gid [2007/05/25 11:26:50, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17375 [2007/05/25 11:26:53, 6] nsswitch/winbindd.c:new_connection(625) accepted socket 25 [2007/05/25 11:26:53, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn INTERFACE_VERSION [2007/05/25 11:26:53, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491) [ 0]: request interface version [2007/05/25 11:26:53, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2007/05/25 11:26:53, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524) [ 0]: request location of privileged pipe [2007/05/25 11:26:53, 6] nsswitch/winbindd.c:new_connection(625) accepted socket 26 [2007/05/25 11:26:53, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn GETPWNAM [2007/05/25 11:26:53, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [ 0]: getpwnam Administrator [2007/05/25 11:26:53, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17373 [2007/05/25 11:26:53, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17373 [2007/05/25 11:26:53, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17375 [2007/05/25 11:26:53, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545) winbindd_sid2gid_async: Resolving S-1-5-21-3545174525-3026908259-101944694-513 to a gid [2007/05/25 11:26:53, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17375 [2007/05/25 11:26:56, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn GETPWNAM [2007/05/25 11:26:56, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [ 0]: getpwnam Administrator [2007/05/25 11:26:56, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17373 [2007/05/25 11:26:56, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17373 [2007/05/25 11:26:56, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17375 [2007/05/25 11:26:56, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545) winbindd_sid2gid_async: Resolving S-1-5-21-3545174525-3026908259-101944694-513 to a gid [2007/05/25 11:26:56, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17375 [2007/05/25 11:26:59, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn GETPWNAM [2007/05/25 11:26:59, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [ 0]: getpwnam Administrator [2007/05/25 11:26:59, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17373 [2007/05/25 11:26:59, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17373 [2007/05/25 11:26:59, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17375 [2007/05/25 11:26:59, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545) winbindd_sid2gid_async: Resolving S-1-5-21-3545174525-3026908259-101944694-513 to a gid [2007/05/25 11:26:59, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17375 [2007/05/25 11:27:03, 6] nsswitch/winbindd.c:new_connection(625) accepted socket 25 [2007/05/25 11:27:03, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn INTERFACE_VERSION [2007/05/25 11:27:03, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491) [ 0]: request interface version [2007/05/25 11:27:03, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2007/05/25 11:27:03, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524) [ 0]: request location of privileged pipe [2007/05/25 11:27:03, 6] nsswitch/winbindd.c:new_connection(625) accepted socket 26 [2007/05/25 11:27:03, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn GETPWNAM [2007/05/25 11:27:03, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [ 0]: getpwnam Administrator [2007/05/25 11:27:03, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17373 [2007/05/25 11:27:03, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17373 [2007/05/25 11:27:03, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17375 [2007/05/25 11:27:03, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545) winbindd_sid2gid_async: Resolving S-1-5-21-3545174525-3026908259-101944694-513 to a gid [2007/05/25 11:27:03, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17375 [2007/05/25 11:27:05, 6] nsswitch/winbindd.c:new_connection(625) accepted socket 25 [2007/05/25 11:27:05, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn INTERFACE_VERSION [2007/05/25 11:27:05, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491) [ 0]: request interface version [2007/05/25 11:27:05, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2007/05/25 11:27:05, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524) [ 0]: request location of privileged pipe [2007/05/25 11:27:05, 6] nsswitch/winbindd.c:new_connection(625) accepted socket 27 [2007/05/25 11:27:05, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn LIST_USERS [2007/05/25 11:27:05, 3] nsswitch/winbindd_user.c:winbindd_list_users(754) [ 0]: list users [2007/05/25 11:27:05, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(465) refresh_sequence_number: WORKGROUP time ok [2007/05/25 11:27:05, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(499) refresh_sequence_number: WORKGROUP seq number is now 1436633 [2007/05/25 11:27:05, 10] nsswitch/winbindd_cache.c:centry_expired(539) centry_expired: Key UL/WORKGROUP for domain WORKGROUP is good. [2007/05/25 11:27:05, 10] nsswitch/winbindd_cache.c:wcache_fetch(624) wcache_fetch: returning entry UL/WORKGROUP for domain WORKGROUP [2007/05/25 11:27:05, 10] nsswitch/winbindd_cache.c:query_user_list(1107) query_user_list: [Cached] - cached list for domain WORKGROUP status: NT_STATUS_OK [2007/05/25 11:27:06, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn GETPWNAM [2007/05/25 11:27:06, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [ 0]: getpwnam Administrator [2007/05/25 11:27:06, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17373 [2007/05/25 11:27:06, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17373 [2007/05/25 11:27:06, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17375 [2007/05/25 11:27:06, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545) winbindd_sid2gid_async: Resolving S-1-5-21-3545174525-3026908259-101944694-513 to a gid [2007/05/25 11:27:06, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17375 [2007/05/25 11:27:07, 6] nsswitch/winbindd.c:new_connection(625) accepted socket 25 [2007/05/25 11:27:07, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn INTERFACE_VERSION [2007/05/25 11:27:07, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491) [ 0]: request interface version [2007/05/25 11:27:07, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2007/05/25 11:27:07, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524) [ 0]: request location of privileged pipe [2007/05/25 11:27:07, 6] nsswitch/winbindd.c:new_connection(625) accepted socket 27 [2007/05/25 11:27:07, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn LIST_GROUPS [2007/05/25 11:27:07, 3] nsswitch/winbindd_group.c:winbindd_list_groups(1162) [ 0]: list groups [2007/05/25 11:27:07, 4] nsswitch/winbindd_group.c:get_sam_group_entries(854) get_sam_group_entries: BUILTIN or local domain; enumerating local groups as well [2007/05/25 11:27:07, 4] nsswitch/winbindd_group.c:get_sam_group_entries(863) get_sam_group_entries: Returned 2 local groups [2007/05/25 11:27:07, 4] nsswitch/winbindd_group.c:get_sam_group_entries(854) get_sam_group_entries: BUILTIN or local domain; enumerating local groups as well [2007/05/25 11:27:07, 3] nsswitch/winbindd_group.c:get_sam_group_entries(859) get_sam_group_entries: Failed to enumerate domain local groups! [2007/05/25 11:27:07, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(465) refresh_sequence_number: WORKGROUP time ok [2007/05/25 11:27:07, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(499) refresh_sequence_number: WORKGROUP seq number is now 1436633 [2007/05/25 11:27:07, 10] nsswitch/winbindd_cache.c:centry_expired(539) centry_expired: Key GL/WORKGROUP/domain for domain WORKGROUP is good. [2007/05/25 11:27:07, 10] nsswitch/winbindd_cache.c:wcache_fetch(624) wcache_fetch: returning entry GL/WORKGROUP/domain for domain WORKGROUP [2007/05/25 11:27:07, 10] nsswitch/winbindd_cache.c:enum_dom_groups(1219) enum_dom_groups: [Cached] - cached list for domain WORKGROUP status: NT_STATUS_OK [2007/05/25 11:27:09, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn GETPWNAM [2007/05/25 11:27:09, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [ 0]: getpwnam Administrator [2007/05/25 11:27:09, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17373 [2007/05/25 11:27:09, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17373 [2007/05/25 11:27:09, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17375 [2007/05/25 11:27:09, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545) winbindd_sid2gid_async: Resolving S-1-5-21-3545174525-3026908259-101944694-513 to a gid [2007/05/25 11:27:09, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17375 [2007/05/25 11:27:13, 6] nsswitch/winbindd.c:new_connection(625) accepted socket 25 [2007/05/25 11:27:13, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn INTERFACE_VERSION [2007/05/25 11:27:13, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491) [ 0]: request interface version [2007/05/25 11:27:13, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2007/05/25 11:27:13, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524) [ 0]: request location of privileged pipe [2007/05/25 11:27:13, 6] nsswitch/winbindd.c:new_connection(625) accepted socket 26 [2007/05/25 11:27:13, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn GETPWNAM [2007/05/25 11:27:13, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [ 0]: getpwnam Administrator [2007/05/25 11:27:13, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17373 [2007/05/25 11:27:13, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17373 [2007/05/25 11:27:13, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17375 [2007/05/25 11:27:13, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545) winbindd_sid2gid_async: Resolving S-1-5-21-3545174525-3026908259-101944694-513 to a gid [2007/05/25 11:27:13, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17375 [2007/05/25 11:27:16, 10] nsswitch/winbindd.c:process_request(311) process_request: request fn GETPWNAM [2007/05/25 11:27:16, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346) [ 0]: getpwnam Administrator [2007/05/25 11:27:16, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17373 [2007/05/25 11:27:16, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17373 [2007/05/25 11:27:16, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17375 [2007/05/25 11:27:16, 7] nsswitch/winbindd_async.c:winbindd_sid2gid_async(545) winbindd_sid2gid_async: Resolving S-1-5-21-3545174525-3026908259-101944694-513 to a gid [2007/05/25 11:27:16, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2299) Retrieving response for pid 17375 [2007/05/25 11:27:17, 5] lib/gencache.c:gencache_shutdown(94) Closing cache file ------------------------------------------------ here's the client log. [2007/05/25 11:26:34, 5] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/05/25 11:26:34, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1244) wct=12 flg2=0xc807 [2007/05/25 11:26:34, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029) Doing spnego session setup [2007/05/25 11:26:34, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2007/05/25 11:26:34, 10] smbd/password.c:register_vuid(186) register_vuid: allocated vuid = 104 [2007/05/25 11:26:34, 10] smbd/sesssetup.c:check_spnego_blob_complete(975) check_spnego_blob_complete: needed_len = 1293, pblob->length = 1293 [2007/05/25 11:26:34, 5] smbd/sesssetup.c:parse_spnego_mechanisms(667) parse_spnego_mechanisms: Got OID 1 2 840 48018 1 2 2 [2007/05/25 11:26:34, 5] smbd/sesssetup.c:parse_spnego_mechanisms(667) parse_spnego_mechanisms: Got OID 1 2 840 113554 1 2 2 [2007/05/25 11:26:34, 5] smbd/sesssetup.c:parse_spnego_mechanisms(667) parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10 [2007/05/25 11:26:34, 3] smbd/sesssetup.c:reply_spnego_negotiate(697) reply_spnego_negotiate: Got secblob of size 1227 [2007/05/25 11:26:34, 10] passdb/secrets.c:secrets_named_mutex(930) secrets_named_mutex: got mutex for replay cache mutex [2007/05/25 11:26:34, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(279) ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Message size is incompatible with encryption type [2007/05/25 11:26:34, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(279) ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Message size is incompatible with encryption type [2007/05/25 11:26:34, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(279) ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed [2007/05/25 11:26:34, 10] passdb/secrets.c:secrets_named_mutex_release(942) secrets_named_mutex: released mutex for replay cache mutex [2007/05/25 11:26:34, 3] libads/kerberos_verify.c:ads_verify_ticket(427) ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity check failed) [2007/05/25 11:26:34, 10] libads/kerberos_verify.c:ads_verify_ticket(436) ads_verify_ticket: returning error NT_STATUS_LOGON_FAILURE [2007/05/25 11:26:35, 1] smbd/sesssetup.c:reply_spnego_kerberos(316) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! [2007/05/25 11:26:35, 3] smbd/error.c:error_packet_set(106) error packet at smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2007/05/25 11:26:35, 5] lib/util.c:show_msg(484) [2007/05/25 11:26:35, 5] lib/util.c:show_msg(494) size=35 smb_com=0x73 smb_rcls=109 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=104 smb_mid=36417 smt_wct=0 smb_bcc=0 [2007/05/25 11:26:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2007/05/25 11:26:35, 6] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x68 [2007/05/25 11:26:35, 3] smbd/process.c:process_smb(1068) Transaction 20 of length 108 [2007/05/25 11:26:35, 5] lib/util.c:show_msg(484) [2007/05/25 11:26:35, 5] lib/util.c:show_msg(494) size=104 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1428 smb_uid=102 smb_mid=36481 smt_wct=15 smb_vwv[ 0]= 36 (0x24) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 36 (0x24) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=39 [2007/05/25 11:26:35, 10] lib/util.c:dump_data(2261) [000] 00 00 00 EC 03 00 00 00 00 5C 00 6F 00 65 00 73 ........ .\.o.e.s [010] 00 2D 00 67 00 61 00 6D 00 6D 00 61 00 5C 00 68 .-.g.a.m .m.a.\.h [020] 00 69 00 70 00 00 00 .i.p... [2007/05/25 11:26:35, 3] smbd/process.c:switch_message(926) switch message SMBtrans2 (pid 17390) conn 0x555555adc3e0 [2007/05/25 11:26:35, 10] passdb/lookup_sid.c:gid_to_sid(1359) gid 102 -> sid S-1-22-2-102 [2007/05/25 11:26:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (1003, 102) - sec_ctx_stack_ndx = 0 [2007/05/25 11:26:35, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-22-1-1003 contains 5 SIDs SID[ 0]: S-1-22-1-1003 SID[ 1]: S-1-22-2-102 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SE_PRIV 0x0 0x0 0x0 0x0 [2007/05/25 11:26:35, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 1003 Primary group is 102 and contains 1 supplementary groups Group[ 0]: 102 [2007/05/25 11:26:35, 5] smbd/uid.c:change_to_user(273) change_to_user uid=(1003,1003) gid=(0,102) [2007/05/25 11:26:35, 3] smbd/trans2.c:call_trans2qfilepathinfo(3252) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2007/05/25 11:26:35, 5] smbd/filename.c:unix_convert(147) unix_convert called on file "gamma/hip" [2007/05/25 11:26:35, 10] smbd/statcache.c:stat_cache_lookup(215) stat_cache_lookup: lookup failed for name [gamma/HIP] [2007/05/25 11:26:35, 10] smbd/statcache.c:stat_cache_lookup(215) stat_cache_lookup: lookup failed for name [gamma] [2007/05/25 11:26:35, 5] smbd/filename.c:unix_convert(246) unix_convert begin: name = gamma/hip, dirpath = , start = gamma/hip [2007/05/25 11:26:35, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled gamma/hip ? [2007/05/25 11:26:35, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component gamma/hip (len 9) ? [2007/05/25 11:26:35, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component hip (len 3) ? [2007/05/25 11:26:35, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled gamma ? [2007/05/25 11:26:35, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component gamma (len 9) ? [2007/05/25 11:26:35, 5] smbd/filename.c:unix_convert(384) Intermediate not found gamma [2007/05/25 11:26:35, 3] smbd/error.c:error_packet_set(106) error packet at smbd/trans2.c(3273) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_PATH_NOT_FOUND [2007/05/25 11:26:35, 5] lib/util.c:show_msg(484) [2007/05/25 11:26:35, 5] lib/util.c:show_msg(494) size=35 smb_com=0x32 smb_rcls=58 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51265 smb_tid=3 smb_pid=1428 smb_uid=102 smb_mid=36481 smt_wct=0 smb_bcc=0 [2007/05/25 11:26:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/05/25 11:26:35, 6] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x23 [2007/05/25 11:26:35, 3] smbd/process.c:process_smb(1068) Transaction 21 of length 39 [2007/05/25 11:26:35, 5] lib/util.c:show_msg(484) [2007/05/25 11:26:35, 5] lib/util.c:show_msg(494) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=102 smb_mid=36545 smt_wct=0 smb_bcc=0 [2007/05/25 11:26:35, 3] smbd/process.c:switch_message(926) switch message SMBtdis (pid 17390) conn 0x555555a981b0 [2007/05/25 11:26:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/05/25 11:26:35, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/05/25 11:26:35, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/05/25 11:26:35, 5] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/05/25 11:26:35, 4] smbd/vfs.c:vfs_ChDir(665) vfs_ChDir to /files/delphi [2007/05/25 11:26:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/05/25 11:26:35, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/05/25 11:26:35, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/05/25 11:26:35, 5] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/05/25 11:26:35, 1] smbd/service.c:close_cnum(1230) 192.168.100.162 (192.168.100.162) closed connection to service delphi [2007/05/25 11:26:35, 3] smbd/connection.c:yield_connection(69) Yielding connection to delphi [2007/05/25 11:26:35, 4] smbd/vfs.c:vfs_ChDir(665) vfs_ChDir to / [2007/05/25 11:26:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/05/25 11:26:35, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/05/25 11:26:35, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/05/25 11:26:35, 5] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/05/25 11:26:35, 5] lib/util.c:show_msg(484) [2007/05/25 11:26:35, 5] lib/util.c:show_msg(494) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=102 smb_mid=36545 smt_wct=0 smb_bcc=0 [2007/05/25 11:26:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/05/25 11:26:35, 6] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x23 [2007/05/25 11:26:35, 3] smbd/process.c:process_smb(1068) Transaction 22 of length 39 [2007/05/25 11:26:35, 5] lib/util.c:show_msg(484) [2007/05/25 11:26:35, 5] lib/util.c:show_msg(494) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=36609 smt_wct=0 smb_bcc=0 [2007/05/25 11:26:35, 3] smbd/process.c:switch_message(926) switch message SMBtdis (pid 17390) conn 0x555555adc3e0 [2007/05/25 11:26:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/05/25 11:26:35, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/05/25 11:26:35, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/05/25 11:26:35, 5] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/05/25 11:26:35, 4] smbd/vfs.c:vfs_ChDir(665) vfs_ChDir to /files/hip [2007/05/25 11:26:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/05/25 11:26:35, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/05/25 11:26:35, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/05/25 11:26:35, 5] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/05/25 11:26:35, 1] smbd/service.c:close_cnum(1230) 192.168.100.162 (192.168.100.162) closed connection to service hip [2007/05/25 11:26:35, 3] smbd/connection.c:yield_connection(69) Yielding connection to hip [2007/05/25 11:26:35, 4] smbd/vfs.c:vfs_ChDir(665) vfs_ChDir to / [2007/05/25 11:26:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/05/25 11:26:35, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/05/25 11:26:35, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/05/25 11:26:35, 5] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/05/25 11:26:35, 5] lib/util.c:show_msg(484) [2007/05/25 11:26:35, 5] lib/util.c:show_msg(494) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=65279 smb_uid=102 smb_mid=36609 smt_wct=0 smb_bcc=0 [2007/05/25 11:27:17, 10] smbd/process.c:async_processing(292) async_processing: Doing async processing. [2007/05/25 11:27:17, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/05/25 11:27:17, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/05/25 11:27:17, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/05/25 11:27:17, 5] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/05/25 11:27:17, 4] smbd/vfs.c:vfs_ChDir(665) vfs_ChDir to /files/sandbox [2007/05/25 11:27:17, 10] locking/locking.c:parse_share_modes(507) parse_share_modes: delete_on_close: 0, num_share_modes: 1 [2007/05/25 11:27:17, 10] locking/locking.c:parse_share_modes(607) parse_share_modes: share_mode_entry[0]: pid = 17390, share_access = 0x7, private_options = 0x1, access_mask = 0x100001, mid = 0x0, type= 0x0, file_id = 1, uid = 10011, flags = 2, dev = 0xfd00, inode = 23838721 [2007/05/25 11:27:17, 3] smbd/error.c:error_packet_set(106) error packet at smbd/notify.c(115) cmd=160 (SMBnttrans) NT_STATUS_OK [2007/05/25 11:27:17, 5] lib/util.c:show_msg(484) [2007/05/25 11:27:17, 5] lib/util.c:show_msg(494) size=71 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1428 smb_uid=102 smb_mid=36032 smt_wct=18 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_bcc=0 [2007/05/25 11:27:17, 10] smbd/notify_inotify.c:watch_destructor(339) Deleting inotify watch 1 [2007/05/25 11:27:17, 5] smbd/files.c:file_free(451) freed files structure 8199 (0 used) [2007/05/25 11:27:17, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/05/25 11:27:17, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/05/25 11:27:17, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/05/25 11:27:17, 5] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/05/25 11:27:17, 1] smbd/service.c:close_cnum(1230) 192.168.100.162 (192.168.100.162) closed connection to service sandbox [2007/05/25 11:27:17, 3] smbd/connection.c:yield_connection(69) Yielding connection to sandbox [2007/05/25 11:27:17, 4] smbd/vfs.c:vfs_ChDir(665) vfs_ChDir to / [2007/05/25 11:27:17, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/05/25 11:27:17, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/05/25 11:27:17, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/05/25 11:27:17, 5] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/05/25 11:27:17, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2007/05/25 11:27:17, 3] smbd/server.c:exit_server_common(768) Server exit (termination signal) ------------------------- let me know if there's anything else i can do to help.
Is your "workgroup" name really WORKGROUP? Right now, there's still nothing that would point to a source level bug.
no, that was renamed from something else.
well, there's a couple things i noticed in the log. "getpwnam Administrator" i don't use the administrator use to join the domain, i use another user with administrator privileges. "failed to decrypt with error Message size is incompatible with encryption type" a search on google said i have to destroy my tickets and reinitialize them. i tried that, but same problem. i'm gonna try the latest heimdal and see if it fixes the problem.
ok...i tried again on a different install, and it works fine with those config files. the only difference, 32bit vs 64bit. how do i "reset" samba completely?
ok, it's not because of 32/64 differences. the "force group" and/or "force user" in smb.conf is the difference between it working and not working.
"force group" has nothing to do with do with verifying krb5 tickets.
i'm not really sure what's happening in the back end. here's my share config: [share] browseable = yes available = yes path = /some/path write list = user1,user2,user3 force group = somegroup force user = someuser if either force user or force group is enabled, the repeating authentication dialog keeps coming up, even with valid password. if both those lines are commented out, i can access the share no problem.
i figured some more things out. if i use \\hostname, the force user/group thing screws up as mentioned. but if i use \\192.168.100.20, everything works fine.
a reboot fixed the problem. thanks for all the help.