[Samba] Windows 2000 and krb5 tickets.

Tom Dickson tdickson at inostor.com
Thu Dec 11 22:59:27 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

OK. I've done some more research, and here's what I get.

smbd --version
Version 3.0.0

strings libkrb5.so.3.2 | grep BRAND
KRB5_BRAND: krb5-1-3-1-final 1.3.1 20030730

Everything seems to work, but trying to access the Samba server results in:

[2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(308)
~  ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt
integrity check failed
[2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(316)
~  ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
[2003/12/11 14:54:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
~  Failed to verify incoming ticket!
[2003/12/11 14:54:19, 3] smbd/error.c:error_packet(109)
~  error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE

This is the same error you get if you're running the wrong KRB5 libs,
but I've the right ones. The windows 2000 machine is 5.00.2195

Windows 2000 clients connect to the ADS server fine, and will connect to
the Samba server if you enter Username/Password. The 2000 server cannot
connect to the Samba machine at all, even with the right username/pass.

Is there a magic registry setting I'm missing? I've changed the
Administrator password at least once.

- -Tom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-nr2 (Windows 2000)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/2PbO2dxAfYNwANIRAmuuAKCI9NMssxwHqQlyF7njkP+sZBt3PQCfWApO
F9F+8BTOPIyoybZBYIlCouU=
=94FA
-----END PGP SIGNATURE-----



More information about the samba mailing list