winbindd in Samba 3.6.12+ only wants to use KRB5?
realrichardsharpe at gmail.com
Mon Jun 3 12:02:24 MDT 2013
We are having a problem with winbindd seeming to only want to use KRB5
in one case. We have removed the SPNs for the machine accounts (for
other reasons) and see this:
wcache_tdc_fetch_domain: Found domain XYXY
[2013/06/04 01:50:24.144336, 10] winbindd/winbindd_ads.c:54(ads_cached_connectio
[2013/06/04 01:50:26.010419, 0] libads/sasl.c:908(ads_sasl_spnego_bind)
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Decrypt integrity check
[2013/06/04 01:50:26.010519, 1] winbindd/winbindd_ads.c:134(ads_cached_connecti
ads_connect for domain APAC failed: Decrypt integrity check failed
[2013/06/04 01:50:26.010620, 10] winbindd/winbindd_cache.c:573(refresh_sequence_
refresh_sequence_number: failed with NT_STATUS_UNSUCCESSFUL
Does this mean we should set client use spnego = no?
More information about the samba-technical