bug? kerberos tickets with rc4-hmac: enc type [3] failed to decrypt with error Bad encryption type

[Andrew Bartlett]

On Fri, 2004-02-20 at 22:29, Stefan Beck wrote:
> Hello,
> 
> I'm trying to use samba 3.0.2 on debian sid as win2k ads member.
> 
> Using kerberos from linux works perfectly, but accessing the samba server from a 
> win2k domain member fails.
> 
> e.g. net view \\zzzgfs
> 
> system error 5 occured
> Access denied
> 
> The samba log shows:
> 
> 2004/02/20 12:18:26, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
>    ads_verify_ticket: enc type [3] failed to decrypt with error Bad encryption type
> [2004/02/20 12:18:26, 10] passdb/secrets.c:secrets_named_mutex_release(709)
>    secrets_named_mutex: released mutex for replay cache mutex
> [2004/02/20 12:18:26, 3] libads/kerberos_verify.c:ads_verify_ticket(330)
>    ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
> [2004/02/20 12:18:26, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
>    Failed to verify incoming ticket!
> [2004/02/20 12:18:26, 3] smbd/error.c:error_packet(94)
>    error string = No such file or directory
> [2004/02/20 12:18:26, 3] smbd/error.c:error_packet(118)
>    error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX) 
> NT_STATUS_LOGON_FAILURE

This almost always means you either have not installed MIT Krb5 1.3.1,
or you have set your krb5.conf to deny this encryption type.  

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040220/0563dabb/attachment.bin