Cross Realm SMB Signature Failure

Dave Daugherty dave.daugherty at
Fri May 4 17:20:48 GMT 2007

From: Michael B Allen [mailto:mba2000 at] Friday, May 04, 2007

> Yeah. Maybe the MIT ticket is a little different (e.g. no PAC) and the
> server code isn't trying hard enough to come up with a good session
> or it's using the wrong session key.

>> Are you running the latest MIT Kerberos libraries?

> Eah, 1.3.4 shipped with CentOS 4.4. Could be newer I suppose.

> I just installed SP2 + SP2 update on the target Windows server. It had
> no effect.

> Mike

This is throwing spaghetti against the wall to see if it will stick... 

I know there have been some Windows compatibility improvements in recent
versions of MIT Kerberos (such as TCP support for password changes). So
upgrading it may help you avoid other problems, but...

More spaghetti: Any chance of trying Heimdal Kerberos?

When I ran into this problem, only Windows Kerberos was in play. So
chances are good it has nothing to do with Kerberos at all.

You might also try enabling NetLogon debugging on the windows side and
then playing around with ntlmauth to see if any clues come up in the
windows log files

Running out of ideas fast...


More information about the samba-technical mailing list