Using the Samba 3.0.0 SRPM. Samba 3.0.0 requires the heimdal 0.6 libraries to talk to a 2003 ADS server. Heimdal 0.6 is bundled in the rawhide krb5-1.3.1 SRPM. Redhat distros (at this date) appear to ship with kerberos5 1.2.x packages. I built and installed the MIT krb5 libraries to /usr/local/kerberos from: From http://www.crypto-publish.org/dist/mit-kerberos5/krb5-1.3.1.tar.gz I then installed the samba 3 SRPM, and edited the /usr/src/redhat/SPECs/samba3.spec file to contain: --with-krb5=/usr/local/kerberos \ This was ignored during the build process. The samba SRPM build appears to search the path and find the system provided krb5 libraries, in /usr/kerberos. When these 1.2.x libraries are linked during the build, the resultant binary cannot talk to a 2003 ADS server with a 'SMB packet signing' problem: Winbindd -i -vv shows: client_check_incoming_message: BAD SIG: wanted SMB signature of [000] 08 CE A3 BF F9 D5 1E 09 .Σ¿ùÕ.. client_check_incoming_message: BAD SIG: got SMB signature of [000] 91 F7 B2 53 5B CA EB 3F .÷²S[Êë? signing_good: SMB signature check failed on seq 1! SMB Signature verification failed on incoming packet! failed kerberos session setup with NT_STATUS_OK anonymous connection attempt to BASHFUL from POTATO failed anonymous session setup with NT_STATUS_OK trusted_domains: Could not open a connection to MYNETWORK.ISP.CO.UK for PIPE_NETLOGON (NT_STATUS_UNSUCCESSFUL) convert_string_allocate: Conversion error: Illegal multibyte sequence(ˆÌ) convert_string_allocate: Conversion error: Illegal multibyte sequence(ˆÌ) rescan_trusted_domains: Can't find my own domain! I know samba 3.0.0 works, I've got it working on a FreeBSD box. I guess there are 2 problems. 1. It doesn't work on redhat (yet) because they ship 1.2.x krb5 libraries. 2. The SRPM build process doesn't honour the contents of the spec file when you do supply the preferred libraries elsewhere. Hope that helps
Seems its already been lodged. https://bugzilla.samba.org/show_bug.cgi?id=433
*** This bug has been marked as a duplicate of 433 ***
originally reported against one of the 3.0.0rc[1-4] releases. Cleaning up non-production versions.
database cleanup