[Samba] Windows 2000 and krb5 tickets.
m.c.hudson at open.ac.uk
Fri Dec 12 07:20:50 GMT 2003
I'm also getting the exact same problem.
The samba machine can be added into the w2k-controlled ads fine.
But when my w2k clients connect to it, they prompt for a username and
password. If this is entered, things work fine. The w2k clients also
cannot browse the sharelist on the samba server until they have
connected to a share with a valid UID/password first.
I am seeing the same errors in samba's logs.
The samba server is a stock Red Hat Enterprise Linux 3 ES machine.
----- Original Message -----
From: "Tim Jordan" <timothy_jordan at labor.state.ak.us>
To: "Tom Dickson" <tdickson at inostor.com>; <samba at samba.org>
Sent: Thursday, December 11, 2003 11:26 PM
Subject: Re: [Samba] Windows 2000 and krb5 tickets.
> I'm getting same error about encryption ...
> I have taken Tom's lead and have provided the output below. Is there
> certain version of krb5 that we should be running?
> root at ANC-MDK-SMB3 tim]# smbd3 --version
> Version 3.0.1pre3
> [root at ANC-MDK-SMB3 tim]# strings /usr/lib/libkrb5.so.3.2 | grep BRAND
> KRB5_BRAND: krb5-1-3-final 1.3 20030708
> I'm running Mandrake 9.2
> Thank You Samba Team!
> On Thu, 2003-12-11 at 13:59, Tom Dickson wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > OK. I've done some more research, and here's what I get.
> > smbd --version
> > Version 3.0.0
> > strings libkrb5.so.3.2 | grep BRAND
> > KRB5_BRAND: krb5-1-3-1-final 1.3.1 20030730
> > Everything seems to work, but trying to access the Samba server
> > [2003/12/11 14:54:19, 3]
> > ~ ads_verify_ticket: enc type  failed to decrypt with error
> > integrity check failed
> > [2003/12/11 14:54:19, 3]
> > ~ ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption
> > [2003/12/11 14:54:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
> > ~ Failed to verify incoming ticket!
> > [2003/12/11 14:54:19, 3] smbd/error.c:error_packet(109)
> > ~ error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX)
> > NT_STATUS_LOGON_FAILURE
> > This is the same error you get if you're running the wrong KRB5
> > but I've the right ones. The windows 2000 machine is 5.00.2195
> > Windows 2000 clients connect to the ADS server fine, and will
> > the Samba server if you enter Username/Password. The 2000 server
> > connect to the Samba machine at all, even with the right
> > Is there a magic registry setting I'm missing? I've changed the
> > Administrator password at least once.
> > - -Tom
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.2-nr2 (Windows 2000)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> > iD8DBQE/2PbO2dxAfYNwANIRAmuuAKCI9NMssxwHqQlyF7njkP+sZBt3PQCfWApO
> > F9F+8BTOPIyoybZBYIlCouU=
> > =94FA
> > -----END PGP SIGNATURE-----
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba