Bug 956 - Upgrade from 3.0.0-final-1 to 3.0.1-1 stops ADS domain members from accessing Samba
Summary: Upgrade from 3.0.0-final-1 to 3.0.1-1 stops ADS domain members from accessing...
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.1
Hardware: All Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-01-10 11:32 UTC by Alexander List
Modified: 2005-11-14 09:31 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander List 2004-01-10 11:32:29 UTC
After upgrading from 3.0.0final-1 (Debian woody x86 + necessary upgrades for
Samba) to 3.0.1-1, ADS domain members could no longer access the Samba server,
the client opens a password prompt.

Entering a password won't help of course because to access the Samba server the
client has to authenticate the connection via ADS...

I noticed something new in the logs:

[2004/01/10 16:55:00, 10] libads/kerberos_verify.c:create_keytab(56)
  creating keytab: MEMORY:
[2004/01/10 16:55:00, 3] libads/kerberos_verify.c:setup_keytab(147)
  unable to create MEMORY: keytab (Unknown Key table type)
[2004/01/10 16:55:00, 3] libads/kerberos_verify.c:ads_verify_ticket(280)
  ads_verify_ticket: unable to setup keytab
[2004/01/10 16:55:00, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
  Failed to verify incoming ticket!
[2004/01/10 16:55:00, 3] smbd/error.c:error_packet(118)
  error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE

Clients were W2KSP4 and WinXPSP1 (German).

Full level 10 logs are available on request.

Downgrading to 3.0.0final-1 solved the problem.

This problem has also been reported on the mailing list:
http://www.mail-archive.com/samba@lists.samba.org/msg30506.html
Comment 1 Gerald (Jerry) Carter (dead mail address) 2004-01-11 06:05:00 UTC
Fixed in 3.02.pre1
Comment 2 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:27:59 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:31:19 UTC
database cleanup