Cross Realm SMB Signature Failure
dave.daugherty at centrify.com
Fri May 4 17:20:48 GMT 2007
From: Michael B Allen [mailto:mba2000 at ioplex.com] Friday, May 04, 2007
> Yeah. Maybe the MIT ticket is a little different (e.g. no PAC) and the
> server code isn't trying hard enough to come up with a good session
> or it's using the wrong session key.
>> Are you running the latest MIT Kerberos libraries?
> Eah, 1.3.4 shipped with CentOS 4.4. Could be newer I suppose.
> I just installed SP2 + SP2 update on the target Windows server. It had
> no effect.
This is throwing spaghetti against the wall to see if it will stick...
I know there have been some Windows compatibility improvements in recent
versions of MIT Kerberos (such as TCP support for password changes). So
upgrading it may help you avoid other problems, but...
More spaghetti: Any chance of trying Heimdal Kerberos?
When I ran into this problem, only Windows Kerberos was in play. So
chances are good it has nothing to do with Kerberos at all.
You might also try enabling NetLogon debugging on the windows side and
then playing around with ntlmauth to see if any clues come up in the
windows log files
Running out of ideas fast...
More information about the samba-technical