inconsistent drive mappings + many other errors

Grimes, David david.grimes at
Thu Jul 15 17:43:07 GMT 2004

Wow I stand corrected. The circumstances around this problem totally mask
that it's an encryption problem. SO...  I'm not sure how to interpret your
statement "you have not included the type 23 enctype used by Windows
(ENCTYPE_ARCFOUR_HMAC_MD5)". How do I this inclusion? Do I just flat out
remove those default* lines from krb5.conf?  
rpm -qa | grep krb5
Rectifying this now....

THANKS for the help!!!

-----Original Message-----
From: Jeremy Allison [mailto:jra at] 
Sent: Thursday, July 15, 2004 12:30 PM
To: Grimes, David
Cc: Jeremy Allison; samba-technical at
Subject: Re: inconsistent drive mappings + many other errors

On Thu, Jul 15, 2004 at 12:23:13PM -0500, Grimes, David wrote:
> Thanks for the reply. 
> AD server and samba box are running off the same time server and have a
> precision of 12 usec's. Do you suggest the Kerberos problem is between the
> samba and AD box or between the client and the samba box? If it were the
> samba and AD I would assume all auth attempts would fail not just those
> 2000 clients. I'm also not so sure that there is any Kerberos done between
> the client and the samba server... please correct me if I am wrong. 
> Also if there is ANY other info that I should provide to help in
> these please let me know.
> As far as the network hardware the few machines that are using the samba
> are new dells with Intel GbE cards and a brand spankin new Cisco 5600 
> Any how I appreciate the response. I've included krb5.conf below are these
> encryption settings correct?
> [libdefaults]
>  ticket_lifetime = 24000
>  default_realm = BELOCORP.COM
>  dns_lookup_realm = true
>  dns_lookup_kdc = true
>  default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
>  default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
> Thanks!

No - that's the problem. Don't use enctypes - you have not included
the type 23 enctype used by Windows (ENCTYPE_ARCFOUR_HMAC_MD5).

Just ensure you have a version of MIT later than 1.3.1 (I think).


More information about the samba-technical mailing list