likewise-open 6 and samba4

Michael Wood esiotrot at
Wed May 11 00:45:59 MDT 2011

On 11 May 2011 07:27, Hannu Tikka <hannu.tikka at> wrote:
> Hi!
> I have functional ltsp setup on ubuntu 10.04 with likewise-open 5.4
> authenticating against samba4 server and using samba3 shares.
> Testing with ubuntu 11.04 with likewise 6 has no success. When trying to
> join domain likewise gives LW_ERROR_PASSWORD_MISMATCH error and samba4 log
> shows:
> Kerberos: AS-REQ administrator at DOM.COM from ipv4: for
> krbtgt/DOM.COM at DOM.COM
> Kerberos: Client sent patypes: encrypted-timestamp, 149
> Kerberos: Looking for PKINIT pa-data -- administrator at DOM.COM
> Kerberos: Looking for ENC-TS pa-data -- administrator at DOM.COM
> Kerberos: Failed to decrypt PA-DATA -- administrator at DOM.COM (enctype
> aes256-cts-hmac-sha1-96) error Decrypt integrity check failed for checksum
> type hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96
> Kerberos: Failed to decrypt PA-DATA -- administrator at DOM.COM
> I have not found any clue what is different in lw6. Is it using different
> encryption type?

Well it's complaining about a decryption failure rather than an
unsupported enctype.  But, see if it helps to change the various
enctype options in /etc/krb5.conf to have arcfour-hmac-md5 first in
the list, or else just remove the other types.

P.S. I am no Kerberos/Likewise/AD/Samba4 expert.

Michael Wood <esiotrot at>

More information about the samba-technical mailing list