From: Andrew Dumaresq on 17 Jan 2010 16:20

Hi,

I've used Samba3 for years, and it mostly did exactly what I wanted. In the last few weeks I decided to install Samba4. I got it installed and everything seems to be working as expected.

I have one small issue, and I'm not really sure if the problem is Samba4, BIND, my client PC or something else I haven't considered.

I've got one Linux server, which acts as a Samba (4.0.0alpha9-GIT-27087e6) server and a DNS (BIND 9.6.1-P2) server; it is also my PDC.

I've got a number of Windows clients, two of which are currently in the domain.

One PC, which is Windows XP, can update its DNS entries with no issues:

    17-Jan-2010 15:51:18.042 gss cred: "DNS/dumaresq.local@DUMARESQ.LOCAL", GSS_C_ACCEPT, 4294965265
    17-Jan-2010 15:51:18.113 gss-api source name (accept) is gandalf$@DUMARESQ.LOCAL
    17-Jan-2010 15:51:18.113 process_gsstkey(): dns_tsigerror_noerror

I have another PC, which is Windows Vista, that cannot update its DNS entries:

    17-Jan-2010 15:54:25.875 gss cred: "DNS/dumaresq.local@DUMARESQ.LOCAL", GSS_C_ACCEPT, 4294965078
    17-Jan-2010 15:54:25.876 failed gss_accept_sec_context: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Wrong principal in request.
    17-Jan-2010 15:54:25.876 process_gsstkey(): dns_tsigerror_badkey

I believe I've got BIND set up correctly since it works for the Windows XP PC, but here are the relevant configs:

    options {
        directory "/var/cache/bind";
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
        tkey-gssapi-credential "DNS/dumaresq.local";
        tkey-domain "DUMARESQ.LOCAL";
    };

    zone "dumaresq.local" {
        type master;
        file "/etc/bind/dumaresq/db.dumaresq";
        update-policy {
            grant localhost subdomain * A AAAA;
            grant DUMARESQ.LOCAL ms-self * A AAAA;
        };
    };

    zone "1.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/dumaresq/db.192";
        update-policy {
            grant *.LOCAL wildcard *.1.168.192.in-addr.arpa. PTR;
        };
    };

Here's my smb.conf file:

    [globals]
        netbios name = morannon
        workgroup = dumaresq
        realm = dumaresq.local
        server role = domain controller
        log file = /var/log/samba/log.%m
        log level = 2
        debug level = 2
        interfaces = eth1 lo
        bind interfaces only = yes

Is this a problem with Windows Vista? I'm assuming that either Vista can't get the correct credentials from the KDC (which is Samba) or that Samba is delivering the wrong credentials.

I see the following entry in the Samba logs for the computer that fails:

    [Sun Jan 17 15:09:43 2010 EST, 2 auth/kerberos/krb5_init_context.c:74:smb_krb5_debug_wrapper()]
      Kerberos: TGS-REQ aragorn$@DUMARESQ.LOCAL from 192.168.1.222 for DNS/dumaresq.local@DUMARESQ.LOCAL [canonicalize, renewable, forwardable]

So I think Samba is doing what it should.

I'm lost here, anybody have any thoughts?
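
Added example, not part of the original post: a small Python parser that groups the BIND GSS-TSIG log lines quoted above into one record per TKEY negotiation, so failing negotiations and their GSSAPI minor status can be listed. It assumes the lines of one negotiation are contiguous, as they are in the post; the function and field names are illustrative.

```python
import re

# named log lines as quoted in the post (principals written with "@").
SAMPLE = """\
17-Jan-2010 15:51:18.042 gss cred: "DNS/dumaresq.local@DUMARESQ.LOCAL", GSS_C_ACCEPT, 4294965265
17-Jan-2010 15:51:18.113 gss-api source name (accept) is gandalf$@DUMARESQ.LOCAL
17-Jan-2010 15:51:18.113 process_gsstkey(): dns_tsigerror_noerror
17-Jan-2010 15:54:25.875 gss cred: "DNS/dumaresq.local@DUMARESQ.LOCAL", GSS_C_ACCEPT, 4294965078
17-Jan-2010 15:54:25.876 failed gss_accept_sec_context: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Wrong principal in request.
17-Jan-2010 15:54:25.876 process_gsstkey(): dns_tsigerror_badkey
"""

LINE = re.compile(r'^(\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) (.*)$')
CRED = re.compile(r'^gss cred: "([^"]+)"')
SOURCE = re.compile(r'^gss-api source name \(accept\) is (\S+)')
FAILED = re.compile(r'^failed gss_accept_sec_context: GSSAPI error: '
                    r'Major = (.*), Minor = (.*?)\.?$')
RESULT = re.compile(r'^process_gsstkey\(\): (\w+)')

def summarize(text):
    """Return one dict per TKEY negotiation found in named's log text."""
    records, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, msg = m.groups()
        if (c := CRED.match(msg)):
            # "gss cred:" opens a negotiation with the server's acceptor credential.
            cur = {"start": stamp, "credential": c.group(1),
                   "client": None, "gss_minor": None, "result": None}
        elif cur is None:
            continue  # line seen outside any negotiation
        elif (s := SOURCE.match(msg)):
            cur["client"] = s.group(1)      # logged only after a successful accept
        elif (f := FAILED.match(msg)):
            cur["gss_minor"] = f.group(2)   # the specific GSSAPI reason
        elif (r := RESULT.match(msg)):
            cur["result"] = r.group(1)      # process_gsstkey() closes the negotiation
            records.append(cur)
            cur = None
    return records

def failures(records):
    """Negotiations that did not end in dns_tsigerror_noerror."""
    return [r for r in records if r["result"] != "dns_tsigerror_noerror"]

if __name__ == "__main__":
    for rec in failures(summarize(SAMPLE)):
        print(rec["start"], rec["result"], "-", rec["gss_minor"])
```

A failed accept never logs the client principal, so a failing record has to be matched to a host by other means, such as the KDC's TGS-REQ entries for the DNS service principal.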