winbindd in Samba 3.6.12+ only wants to use KRB5?

Richard Sharpe realrichardsharpe at gmail.com
Mon Jun 3 12:02:24 MDT 2013


Hi folks,

We are having a problem with winbindd seeming to only want to use KRB5
in one case. We have removed the SPNs for the machine accounts (for
other reasons) and see this:

  wcache_tdc_fetch_domain: Found domain XYXY
[2013/06/04 01:50:24.144336, 10] winbindd/winbindd_ads.c:54(ads_cached_connection)
  ads_cached_connection
[2013/06/04 01:50:26.010419,  0] libads/sasl.c:908(ads_sasl_spnego_bind)
  kinit succeeded but ads_sasl_spnego_krb5_bind failed: Decrypt integrity check failed
[2013/06/04 01:50:26.010519,  1] winbindd/winbindd_ads.c:134(ads_cached_connection)
  ads_connect for domain APAC failed: Decrypt integrity check failed
[2013/06/04 01:50:26.010620, 10] winbindd/winbindd_cache.c:573(refresh_sequence_number)
  refresh_sequence_number: failed with NT_STATUS_UNSUCCESSFUL

Does this mean we should set client use spnego = no?

-- 
Regards,
Richard Sharpe
(What can relieve sorrow? Only Du Kang. --Cao Cao)

