[Samba] My Samba 3.0beta1 stopped working as ADS member
Andrew Bartlett
abartlet at samba.org
Wed Jun 18 10:07:32 GMT 2003
On Wed, 2003-06-18 at 16:44, Patrik Gustavsson PS Sweden Senior
Technical Consultant wrote:
>
> I had a working Samba 3.0beta1 as ADS member of a W2003 server.
> My w2000 client could log in to the W2003 server and use services on
> Samba (home directory).
>
> Winbind is working.
>
> So I tried to re-do all my work again.
>
> And suddenly the w2k can use any services on Samba anymore.
>
> The output from the logfile tells me it's kerberos problem:
> [2003/06/18 08:35:03, 3] libads/kerberos_verify.c:(126)
> krb5_rd_req with auth failed (Bad encryption type)
> [2003/06/18 08:35:03, 1] smbd/sesssetup.c:(175)
> Failed to verify incoming ticket!
> [2003/06/18 08:35:03, 3] smbd/error.c:(94)
> error string = No such file or directory
>
> Winbind/wbinfo works as it should.
>
> I know what problem it is, but not WHY and not HOW to fix it ?
The user you are using has not had their password changed since Win2k
installation/AD upgrade. This means that they only have their 'type
23' encryption type - the type that is based on the NT4 password.
If you change the password, it should work. The proper solution is to
compile with MIT Krb5 1.3, or a recent Heimdal kerberos. These versions
support the new encryption type, and should allow it to work out of the
box.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20030618/9c84e1f5/attachment.bin
More information about the samba
mailing list