Hi,

I need some help to get Samba and Active Domain to play nicely.
The server is an Ubuntu 10.04 LTS with Kubuntu to provide GUI, running Samba 3.4.7
We have several other Linux servers that work perfectly well however this is the first 10.04LTS the others are 8.04LTS.
Authentication is done through Kerberos/AD and works great!
We use NX for remote login and it is working well.
There is no “shared folder”. The users use Samba to access their home directory from their WinXp or Win7 machines. But we are always asked for our credentials and then the authentication fails.

The only errors that I can find is this message in the Samba log.

The Samba log shows:

2012/02/28 09:40:48, 1] libads/kerberos_verify.c:336(ads_secrets_verify_ticket)
ads_secrets_verify_ticket: failed to fetch machine password
[2012/02/28 09:40:48, 1] smbd/sesssetup.c:342(reply_spnego_kerberos)
Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/02/28 09:40:48, 1] libads/kerberos_verify.c:336(ads_secrets_verify_ticket)
ads_secrets_verify_ticket: failed to fetch machine password
[2012/02/28 09:40:48, 1] smbd/sesssetup.c:342(reply_spnego_kerberos)
Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/02/28 09:40:57, 1] libads/kerberos_verify.c:336(ads_secrets_verify_ticket)
ads_secrets_verify_ticket: failed to fetch machine password
[2012/02/28 09:40:57, 1] smbd/sesssetup.c:342(reply_spnego_kerberos)
Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/02/28 09:41:12, 0] lib/util_sock.c:539(read_fd_with_timeout)
[2012/02/28 09:41:12, 0] lib/util_sock.c:1498(get_peer_addr_internal)
getpeername failed. Error was Transport endpoint is not connected
read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.



Thanks!
Alfredo

%%%%% Background info %%%%%

The smb.conf

From testparm

Load smb config files from /etc/samba/smb.conf

[global]
workgroup = USFN
realm = USFN.NZCORP.NET
server string = Samba Server - Rio
security = ADS
map to guest = Bad User
obey pam restrictions = Yes
password server = ##.###.##.###
pam password change = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
name resolve order = lmhosts host wins bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
invalid users = root

[homes]
comment = Home Directories
path = %H
read only = No


smbclient -L rio.usfn.nzcorp.net -U%
Domain=[USFN] OS=[Unix] Server=[Samba 3.4.7]

Sharename Type Comment
--------- ---- -------
homes Disk Home Directories
print$ Disk Printer Drivers
IPC$ IPC IPC Service (Samba Server - Rio)
Domain=[USFN] OS=[Unix] Server=[Samba 3.4.7]

Server Comment
--------- -------
RIO Samba Server - Rio

Workgroup Master
--------- -------
USFN DCUSFN200