[Samba] Windows 2000 and krb5 tickets.

Tim Jordan timothy_jordan at labor.state.ak.us
Thu Dec 11 23:26:08 GMT 2003


I'm getting the same error about encryption ...

I have taken Tom's lead and have provided the output below.  Is there a
certain version of krb5 that we should be running?


[root at ANC-MDK-SMB3 tim]# smbd3 --version
Version 3.0.1pre3

[root at ANC-MDK-SMB3 tim]# strings /usr/lib/libkrb5.so.3.2 | grep BRAND
KRB5_BRAND: krb5-1-3-final 1.3 20030708

I'm running Mandrake 9.2 

Thank You Samba Team!
Tim

On Thu, 2003-12-11 at 13:59, Tom Dickson wrote:

> OK. I've done some more research, and here's what I get.
> 
> smbd --version
> Version 3.0.0
> 
> strings libkrb5.so.3.2 | grep BRAND
> KRB5_BRAND: krb5-1-3-1-final 1.3.1 20030730
> 
> Everything seems to work, but trying to access the Samba server results in:
> 
> [2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(308)
>   ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed
> [2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(316)
>   ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
> [2003/12/11 14:54:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
>   Failed to verify incoming ticket!
> [2003/12/11 14:54:19, 3] smbd/error.c:error_packet(109)
>   error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
> 
> This is the same error you get if you're running the wrong KRB5 libs,
> but I've the right ones. The Windows 2000 machine is 5.00.2195.
> 
> Windows 2000 clients connect to the ADS server fine, and will connect to
> the Samba server if you enter Username/Password. The 2000 server cannot
> connect to the Samba machine at all, even with the right username/pass.
> 
> Is there a magic registry setting I'm missing? I've changed the
> Administrator password at least once.
> 
> -Tom

