ads_sasl_spnego_krb5_bind failed with: Decrypt integrity check failed, calling kinit
Richard Sharpe
realrichardsharpe at gmail.com
Wed May 8 14:43:39 MDT 2013
On Mon, May 6, 2013 at 3:41 PM, Richard Sharpe
<realrichardsharpe at gmail.com> wrote:
> Hi Folks,
>
> Has anyone seen that message?
>
> On a 3.6.6 system. We have joined the domain, and I can list users in
> the domain we have joined but none of the users in the other domains
> show up.
>
> And the log files for winbind for those domains show this message all the time:
>
> [2013/05/06 17:05:13.013001, 0] libads/sasl.c:908(ads_sasl_spnego_bind)
> kinit succeeded but ads_sasl_spnego_krb5_bind failed: Decrypt
> integrity check failed
>
> What causes this?
Turns out this includes the cause:
http://technet.microsoft.com/en-us/library/cc772897(v=ws.10).aspx
Somehow the ServicePrincipalName attribute on the computer account
went missing :-(
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
More information about the samba-technical
mailing list