[Samba] Can't maintain a connection to the Server 2003 ADS on a subdomain

Doug VanLeuven roamdad at sonic.net
Mon Jun 13 16:22:45 GMT 2005


Daniel Kvitko wrote:

>Hello to every Samba expert out there,
>
>We've been having a hard time figuring out a particular problem with Samba.
>After joining the Server 2003 ADS, which is on a different subnet - just
>going through a router, the membership would drop all of a sudden.
>Everything works great when the Samba server is on the same subnet as the
>Server 2003 ADS. I have posted some details on forums, here is a link if you
>need to see the configuration:
>http://www.learninglinux.com/modules.php?name=Forums&file=viewtopic&t=474
>
>I have been struggling for weeks and really need some insight from some
>experts. The purpose of the Samba servers is just for file sharing and we
>really do not want to install Microsoft Servers. If there is no one here
>that can offer any assistance, then I guess there isn't anyone out there
>that can.
>  
>
Hi Dan,
While processing a TGS request for the target server 
host/uni-samba.rhb.local, the account UNI-SAMBA$@RHB.LOCAL did not have 
a suitable key for generating a Kerberos ticket (the missing key has an 
ID of 8). The requested etypes were 16.  The accounts available etypes 
were 23  -133  -128  3  1.

The requested enctype of 16 corresponds to DES3_CBC_SHA1.
The encryption types the 2003 server knows how to decode are
23 ARCFOUR_HMAC
3   DES_CBC_MD5
1   DES_CBC_CRC
I don't know what encryption types -133 & -128 are.
If you do a
    klist -ke
on the samba machine, it will list the keys in /etc/krb5.keytab and what 
encryption types they are.
With your version of kerberos and samba, you should be joined normally 
without the flag for DES_CBC_MD5 encryption required.  As far as I know, 
this implies the samba server will be using ARCFOUR_HMAC which is the 
native encryption type of windows 2003.
Would you mind verifying your keytab on the samba host still has a
    host/ops-server2003.rhb.local@RHB.LOCAL (ArcFour with HMAC/md5)
entry and that you ran the ktpass.exe on the windows 2003 server to 
generate the host entry for the samba machine?

Regards, Doug
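
The keytab check suggested above can be scripted. The following is an added example, not part of the original post or of Samba: it parses `klist -ke` output and reports which principals hold no key of an etype the account supports (23, 3, 1 in the quoted KDC error). The sample keytab listing, its KVNOs and the function names are constructed for illustration, and it assumes the MIT klist line format shown in the post.

```python
import re

# Kerberos enctype numbers keyed by the descriptive names older MIT klist
# prints, plus the short names newer builds print.
ETYPE_BY_NAME = {
    "des cbc mode with crc-32": 1, "des-cbc-crc": 1,
    "des cbc mode with rsa-md5": 3, "des-cbc-md5": 3,
    "triple des cbc mode with hmac/sha1": 16, "des3-cbc-sha1": 16,
    "arcfour with hmac/md5": 23, "arcfour-hmac": 23,
}

# Etypes the KDC error in the post lists for the account
# (the unidentified -133 and -128 are left out).
ACCOUNT_ETYPES = {23, 3, 1}

# "<kvno> <principal> (<enctype name>)"; header lines do not match.
LINE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((.+)\)\s*$")

# Constructed sample of `klist -ke` output, not taken from the poster's host.
SAMPLE = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------------------------
   2 host/uni-samba.rhb.local@RHB.LOCAL (Triple DES cbc mode with HMAC/sha1)
   3 host/ops-server2003.rhb.local@RHB.LOCAL (ArcFour with HMAC/md5)
   3 host/ops-server2003.rhb.local@RHB.LOCAL (DES cbc mode with RSA-MD5)
"""

def parse_klist(text):
    """Return [(kvno, principal, etype)]; etype is None for an unknown name."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            kvno, principal, name = m.groups()
            etype = ETYPE_BY_NAME.get(name.strip().lower())
            entries.append((int(kvno), principal, etype))
    return entries

def audit(text, account_etypes=ACCOUNT_ETYPES):
    """Per principal, split keytab etypes into usable and unusable sets."""
    report = {}
    for _kvno, principal, etype in parse_klist(text):
        row = report.setdefault(principal, {"usable": set(), "unusable": set()})
        row["usable" if etype in account_etypes else "unusable"].add(etype)
    return report

def principals_without_usable_key(text):
    """Principals whose keytab entries share no etype with the account."""
    return sorted(p for p, row in audit(text).items() if not row["usable"])

if __name__ == "__main__":
    for principal, row in audit(SAMPLE).items():
        print(principal, "usable:", sorted(row["usable"]),
              "unusable:", sorted(row["unusable"], key=str))
```

On a real host, pass the captured output of `klist -ke` to `audit()` in place of `SAMPLE`.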


