likewise-open 6 and samba4
Michael Wood
esiotrot at gmail.com
Wed May 11 00:45:59 MDT 2011
On 11 May 2011 07:27, Hannu Tikka <hannu.tikka at rpkk.fi> wrote:
> Hi!
>
> I have functional ltsp setup on ubuntu 10.04 with likewise-open 5.4
> authenticating against samba4 server and using samba3 shares.
>
> Testing with ubuntu 11.04 with likewise 6 has no success. When trying to
> join domain likewise gives LW_ERROR_PASSWORD_MISMATCH error and samba4 log
> shows:
>
> Kerberos: AS-REQ administrator at DOM.COM from ipv4:10.4.101.226:57614 for
> krbtgt/DOM.COM at DOM.COM
> Kerberos: Client sent patypes: encrypted-timestamp, 149
> Kerberos: Looking for PKINIT pa-data -- administrator at DOM.COM
> Kerberos: Looking for ENC-TS pa-data -- administrator at DOM.COM
> Kerberos: Failed to decrypt PA-DATA -- administrator at DOM.COM (enctype
> aes256-cts-hmac-sha1-96) error Decrypt integrity check failed for checksum
> type hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96
> Kerberos: Failed to decrypt PA-DATA -- administrator at DOM.COM
>
> I have not found any clue what is different in lw6. Is it using different
> encryption type?
Well it's complaining about a decryption failure rather than an
unsupported enctype. But, see if it helps to change the various
enctype options in /etc/krb5.conf to have arcfour-hmac-md5 first in
the list, or else just remove the other types.
P.S. I am no Kerberos/Likewise/AD/Samba4 expert.
--
Michael Wood <esiotrot at gmail.com>
More information about the samba-technical
mailing list