bug? kerberos tickets with rc4-hmac: enc type [3] failed to decrypt with error Bad encryption type

Andrew Bartlett abartlet at samba.org
Fri Feb 20 11:44:30 GMT 2004


On Fri, 2004-02-20 at 22:29, Stefan Beck wrote:
> Hello,
> 
> I'm trying to use samba 3.0.2 on debian sid as win2k ads member.
> 
> Using kerberos from linux works perfectly, but accessing the samba server from a 
> win2k domain member fails.
> 
> e.g. net view \\zzzgfs
> 
> system error 5 occurred
> Access denied
> 
> The samba log shows:
> 
> [2004/02/20 12:18:26, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
>    ads_verify_ticket: enc type [3] failed to decrypt with error Bad encryption type
> [2004/02/20 12:18:26, 10] passdb/secrets.c:secrets_named_mutex_release(709)
>    secrets_named_mutex: released mutex for replay cache mutex
> [2004/02/20 12:18:26, 3] libads/kerberos_verify.c:ads_verify_ticket(330)
>    ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
> [2004/02/20 12:18:26, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
>    Failed to verify incoming ticket!
> [2004/02/20 12:18:26, 3] smbd/error.c:error_packet(94)
>    error string = No such file or directory
> [2004/02/20 12:18:26, 3] smbd/error.c:error_packet(118)
>    error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX) 
> NT_STATUS_LOGON_FAILURE

This almost always means you either have not installed MIT Krb5 1.3.1,
or you have set your krb5.conf to deny this encryption type.  

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
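
Added example (not part of the original message, and not Samba or MIT code): a check for the second cause named in the reply, a krb5.conf on the Samba host whose `[libdefaults]` enctype lists leave out rc4-hmac. It assumes the lists are plain enctype names separated by spaces or commas; the sample configuration and the function names are constructed for illustration.

```python
import re

# Names MIT krb5 accepts for enctype 23 (RC4-HMAC).
RC4_NAMES = {"rc4-hmac", "arcfour-hmac", "arcfour-hmac-md5"}
# [libdefaults] relations that restrict which enctypes the library will use.
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")

# Constructed sample: a krb5.conf that limits the library to DES only.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    default_tkt_enctypes = des-cbc-md5 des-cbc-crc
    default_tgs_enctypes = des-cbc-md5 des-cbc-crc
[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
    }
"""

def libdefaults(text):
    """Return {key: value} for the relations in the [libdefaults] section."""
    section, found = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = line.split("=", 1)
            found[key.strip()] = value.strip()
    return found

def rc4_denied_by(text):
    """List the enctype relations that are set but leave out RC4-HMAC."""
    conf = libdefaults(text)
    denied = []
    for key in ENCTYPE_KEYS:
        if key not in conf:
            continue  # unset: the library's built-in default list applies
        listed = {t.lower() for t in re.split(r"[\s,]+", conf[key]) if t}
        if not listed & RC4_NAMES:
            denied.append(key)
    return denied

if __name__ == "__main__":
    for key in rc4_denied_by(SAMPLE):
        print(f"{key} is set and does not list rc4-hmac")
```

An empty result only rules out the configuration file; it says nothing about whether the installed Kerberos library supports the enctype.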