Samba 3.0 Alpha22 + AD Domain, RedHat Kerberos Problems

Herb Lewis herb at sgi.com
Tue Mar 11 00:58:58 GMT 2003


The bad encryption type message happens if you have never changed
the administrator password on the PDC and you try to join the domain.
Did you successfully join the domain?

ODC wrote:
> 
> Hi all,
> 
> I'm not sure if this is the proper list to send to, but I figure this is
> it since I'm dealing with the beta software.
> 
> Anyway, I have compiled Samba 3.0 Alpha 22 and would like to run it as a
> file server that authenticates AD logins to the W2K Domain Server.
> 
> I have gotten through all the steps I can think of, and kinit user at REALM
> works properly.
> 
> However, now is the acid test -- when I go \\LINUXSERVER\ from a domain
> connected workstation, it keeps rejecting the login and giving me the
> username/password box.
> 
> When looking at the log files, I noticed this (could it be a problem
> with the Kerberos code ?)
> 
> [2003/03/10 14:49:46, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(402)
>    Doing spnego session setup
> [2003/03/10 14:49:46, 3] smbd/sesssetup.c:reply_spnego_negotiate(316)
>    Got OID 1 2 840 48018 1 2 2
> [2003/03/10 14:49:46, 3] smbd/sesssetup.c:reply_spnego_negotiate(316)
>    Got OID 1 2 840 113554 1 2 2
> [2003/03/10 14:49:46, 3] smbd/sesssetup.c:reply_spnego_negotiate(316)
>    Got OID 1 3 6 1 4 1 311 2 2 10
> [2003/03/10 14:49:46, 3] smbd/sesssetup.c:reply_spnego_negotiate(323)
>    Got secblob of size 1466
> [2003/03/10 14:49:46, 3] libads/kerberos_verify.c:ads_verify_ticket(124)
>    krb5_rd_req with auth failed (Bad encryption type)
> [2003/03/10 14:49:46, 1] smbd/sesssetup.c:reply_spnego_kerberos(167)
>    Failed to verify incoming ticket!
> [2003/03/10 14:49:46, 3] smbd/error.c:error_packet(94)
>    error string = No such file or directory
> [2003/03/10 14:49:46, 3] smbd/error.c:error_packet(113)
>    error packet at smbd/sesssetup.c(169) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
> 
> I have attached 2 logs and a strace file of smbd if that may help.
> 
> Any suggestions to get this working for domain authentication would be
> *greatly* appreciated.
> 
> Thank you.
> 
> ps. I should be on the mailing list, but could you please CC: to my
> address if you respond.
> 
> Thanks again.
> 
> --
> ODC <odc-public at hotpop.com>
> Public E-Mail Drop
> *Hotpop is known to have unreliable servers, please resend if needed*
> *Please no more than 500kb per message*
> 
>   ------------------------------------------------------------------------
>                           Name: logs.tar.bz2
>    logs.tar.bz2           Type: unspecified type (application/octet-stream)
>                       Encoding: base64
>                Download Status: Not downloaded with message

-- 
======================================================================
Herb Lewis                               Silicon Graphics 
Networking Engineer                      1600 Amphitheatre Pkwy MS-510
Strategic Software Organization          Mountain View, CA  94043-1351
herb at sgi.com                             Tel: 650-933-2177
http://www.sgi.com                       Fax: 650-932-2177          
PGP Key: 0x8408D65D
======================================================================
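
Added example, not part of either message and not Samba code: a small triage script for the level-3 smbd log format quoted above. It names the SPNEGO mechanisms the client offered and pulls out the krb5_rd_req failure reason. The function names parse_entries and triage are assumptions made for this sketch; the sample lines are a subset of the quoted log.

```python
import re

# Well-known mechanism OIDs that appear in the SPNEGO offer logged above.
MECH_NAMES = {
    "1.2.840.48018.1.2.2": "Kerberos 5 (legacy Microsoft OID)",
    "1.2.840.113554.1.2.2": "Kerberos 5",
    "1.3.6.1.4.1.311.2.2.10": "NTLMSSP",
}

# Entries copied from the quoted log (quote markers removed, subset only).
SAMPLE_LOG = """\
[2003/03/10 14:49:46, 3] smbd/sesssetup.c:reply_spnego_negotiate(316)
  Got OID 1 2 840 48018 1 2 2
[2003/03/10 14:49:46, 3] smbd/sesssetup.c:reply_spnego_negotiate(316)
  Got OID 1 2 840 113554 1 2 2
[2003/03/10 14:49:46, 3] smbd/sesssetup.c:reply_spnego_negotiate(316)
  Got OID 1 3 6 1 4 1 311 2 2 10
[2003/03/10 14:49:46, 3] libads/kerberos_verify.c:ads_verify_ticket(124)
  krb5_rd_req with auth failed (Bad encryption type)
"""

HEADER = re.compile(r"^\[(?P<ts>[^,]+),\s*(?P<level>\d+)\]\s+\S+?:(?P<func>\w+)\(\d+\)\s*$")

def parse_entries(text):
    """Pair each '[timestamp, level] file:function(line)' header with its message."""
    entries = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            entries.append({**m.groupdict(), "msg": ""})
        elif entries and raw.strip():
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + raw.strip()).strip()
    return entries

def triage(text):
    """Return (offered mechanisms, Kerberos ticket verification failures)."""
    mechs, failures = [], []
    for e in parse_entries(text):
        oid = re.match(r"Got OID ([\d ]+)$", e["msg"])
        if oid:
            dotted = ".".join(oid.group(1).split())
            mechs.append((dotted, MECH_NAMES.get(dotted, "unknown mechanism")))
        err = re.match(r"krb5_rd_req with auth failed \((.+)\)$", e["msg"])
        if err:
            failures.append((e["ts"], e["func"], err.group(1)))
    return mechs, failures

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
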

