ADS DM Client Can Not Connect to Samba

[John H Terpstra]

Jeremy/Folks,

Can anyone decode what the cause of the following level 10 log fragment
might be?

This is from samba-3.0.7 running on Red Hat EL4 Beta1 with krb5-1.3.4.

The Samba server joined the ADS Domain without problem. Use of kerberos
to gain access to the ADS DC as well as to Windows 2000 Pro
workstations works just dandy.

If I use Windows explorer I get access denied.  If from a command shell
I do "net view \\samba-server" I get error 5 - access denied.

The following is reported in the log file
"IP-Address-of-Win2k-client".log:

[2004/09/30 12:18:14, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2004/09/30 12:18:14, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
  Doing spnego session setup
[2004/09/30 12:18:14, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
  NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
PrimaryDomain=[]
[2004/09/30 12:18:14, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
  Got OID 1 2 840 48018 1 2 2
[2004/09/30 12:18:14, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
  Got OID 1 2 840 113554 1 2 2
[2004/09/30 12:18:14, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
  Got OID 1 3 6 1 4 1 311 2 2 10
[2004/09/30 12:18:14, 3] smbd/sesssetup.c:reply_spnego_negotiate(447)
  Got secblob of size 1169
[2004/09/30 12:18:14, 10] lib/util.c:name_to_fqdn(2464)
  name_to_fqdn: lookup for BELNX02 -> belnx02.
[2004/09/30 12:18:14, 10] passdb/secrets.c:secrets_named_mutex(702)
  secrets_named_mutex: got mutex for replay cache mutex
[2004/09/30 12:18:14, 1]
libads/kerberos_verify.c:ads_keytab_verify_ticket(102)
  ads_keytab_verify_ticket: krb5_kt_next_entry failed (Bad encryption
type)
[2004/09/30 12:18:14, 10]
libads/kerberos_verify.c:ads_secrets_verify_ticket(193)
  ads_secrets_verify_ticket: enc type [18] failed to decrypt with error
Bad encryption type
[2004/09/30 12:18:14, 10]
libads/kerberos_verify.c:ads_secrets_verify_ticket(193)
  ads_secrets_verify_ticket: enc type [17] failed to decrypt with error
Bad encryption type
[2004/09/30 12:18:14, 10]
libads/kerberos_verify.c:ads_secrets_verify_ticket(193)
  ads_secrets_verify_ticket: enc type [16] failed to decrypt with error
Bad encryption type
[2004/09/30 12:18:14, 10]
libads/kerberos_verify.c:ads_secrets_verify_ticket(193)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error
Bad encryption type
[2004/09/30 12:18:14, 10]
libads/kerberos_verify.c:ads_secrets_verify_ticket(193)
  ads_secrets_verify_ticket: enc type [1] failed to decrypt with error
Bad encryption type
[2004/09/30 12:18:14, 3]
libads/kerberos_verify.c:ads_secrets_verify_ticket(193)
  ads_secrets_verify_ticket: enc type [3] failed to decrypt with error
Decrypt integrity check failed
[2004/09/30 12:18:14, 10]
libads/kerberos_verify.c:ads_secrets_verify_ticket(193)
  ads_secrets_verify_ticket: enc type [2] failed to decrypt with error
Bad encryption type
[2004/09/30 12:18:14, 10]
passdb/secrets.c:secrets_named_mutex_release(714)
  secrets_named_mutex: released mutex for replay cache mutex
[2004/09/30 12:18:14, 3] libads/kerberos_verify.c:ads_verify_ticket(307)
  ads_verify_ticket: krb5_rd_req with auth failed (Success)
[2004/09/30 12:18:14, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2004/09/30 12:18:14, 3] smbd/error.c:error_packet(129)
  error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2004/09/30 12:18:14, 5] lib/util.c:show_msg(461)
[2004/09/30 12:18:14, 5] lib/util.c:show_msg(471)
  size=35
  smb_com=0x73
  smb_rcls=109
  smb_reh=0
  smb_err=49152
  smb_flg=136
  smb_flg2=51201
  smb_tid=0
  smb_pid=65279
  smb_uid=0
  smb_mid=64
  smt_wct=0
  smb_bcc=0
[2004/09/30 12:18:14, 6] lib/util_sock.c:write_socket(449)
  write_socket(22,39)
[2004/09/30 12:18:14, 6] lib/util_sock.c:write_socket(452)
  write_socket(22,39) wrote 39


- John T.
---
John H Terpstra
Samba-Team
email: jht at samba.org