[Samba] bad encryption type when accessing AD member server
Henning Holtschneider
hh at loca.net
Mon Sep 29 15:59:35 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I'm trying to access a Samba 3.0 server (running on Debian unstable) in an
Active Directory environment. I successfully joined the domain, klist shows
my Kerberos ticket(s) and I can use smbclient -k to access a Windows 2000
server. However, when I try to access a share on the Samba machine from a
Windows 2000 client, I'm being asked for the password and Samba logs:
[2003/09/29 13:17:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) Failed to
verify incoming ticket!
I turned up logging to 5 and found this just before the "incoming ticket"
line:
[2003/09/29 13:17:02, 3] libads/kerberos_verify.c:ads_verify_ticket(317)
ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
"klist -e" shows my tickets as follows:
- ----- snip -----
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: ADMINISTRATOR at DOMAIN.LOCAL
Valid starting Expires Service principal
09/29/03 13:31:30 09/29/03 23:31:26 krbtgt/DOMAIN.LOCAL at DOMAIN.LOCAL
renew until 09/29/03 23:31:30, Etype (skey, tkt): DES cbc mode with
CRC-32, DES cbc mode with CRC-32
09/29/03 13:31:30 09/29/03 23:31:26 filepile-a$@DOMAIN.LOCAL
renew until 09/29/03 23:31:30, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
- ----- snap -----
Did I make a mistake when setting up my Kerberos environment or is this a
Samba problem?
Thanks,
<-gninneH<-
- --
__ _ __ __ Henning Holtschneider
/ / ___ _______ _/ |/ /__ / /_ <henning at loca.net>
/ /__/ _ \/ __/ _ `/ / -_) __/
/____/\___/\__/\_,_/_/|_/\__/\__/ ...net happens!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/eFbnP9goCV2uudcRAoWkAJsGmSNmyicQnkLV8uGcLYBiLdSCAwCfUcS5
n1bPagVlnJ1UJauvnodA8PM=
=y0aZ
-----END PGP SIGNATURE-----
More information about the samba
mailing list