[Samba] authentication problems

Derek T. Yarnell derek at cs.umd.edu
Mon Sep 29 16:02:56 GMT 2003 

Ok I spoke too soon, I am also having this problem,

[2003/09/29 11:43:28, 10] libads/kerberos_verify.c:ads_verify_ticket(310) ads_verify_ticket: enc type [18] failed to decrypt with error Bad encryption type
[2003/09/29 11:43:28, 10] libads/kerberos_verify.c:ads_verify_ticket(310) ads_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type
[2003/09/29 11:43:28, 3] libads/kerberos_verify.c:ads_verify_ticket(310) ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed
[2003/09/29 11:43:28, 10] libads/kerberos_verify.c:ads_verify_ticket(310) ads_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type
[2003/09/29 11:43:28, 10] libads/kerberos_verify.c:ads_verify_ticket(310) ads_verify_ticket: enc type [3] failed to decrypt with error Bad encryption type
[2003/09/29 11:43:28, 10] libads/kerberos_verify.c:ads_verify_ticket(310) ads_verify_ticket: enc type [2] failed to decrypt with error Bad encryption type
[2003/09/29 11:43:28, 10] passdb/secrets.c:secrets_named_mutex_release(709) secrets_named_mutex: released mutex for replay cache mutex
[2003/09/29 11:43:28, 3] libads/kerberos_verify.c:ads_verify_ticket(317) ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
[2003/09/29 11:43:28, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) Failed to verify incoming ticket!

Argh, ads is not working correctly with windows 2k3. Anyone get this
working with a 2k3 domain? What is your krb5.conf file look like? Are
you in native server 2k3 mode for the domain?

On Mon, Sep 29, 2003 at 09:48:46AM -0400, Derek T. Yarnell wrote:
> Can you kinit correctly?
> 
> kinit username at REALM
> 
> If that gives you an error 52 then what I have found that if you are in
> Native W2k3 mode for the domain then you will have to upgrade kerberos
> to version 1.3.x to get it to work correctly (and link with the 1.3.x
> libs)
> 
> Just something to try.
> 
> On Sat, Sep 27, 2003 at 04:29:41PM -0500, Aaron_Colichia at Dell.com wrote:
> > My samba server is a member of my w2k3 mixed mode domain via 'net ads join'
> > 
> > all users and groups can be seen with wbinfo + getent
> > 
> > net ads commands show proper information
> > 
> > I can connect to my local machine using winbind via /etc/pam.d/login
> > 
> > but when my windows clients try to connect to any share, I receive:
> > 
> > ads_verify_ticket: krb5_rd_req with auth failed (bad encryption)
> > 
> > The machine account looks fine from both sides.
> > 
> > I have signing turned off on the w2k3 server, and I have allowed anonymous
> > queries.
> > 
> > I've run out of clues on this one.
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
> -- 
> ---
> Derek T. Yarnell
> University of Maryland
> Computer Science Department Unix Staff
> derek at cs.umd.edu
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
---
Derek T. Yarnell
University of Maryland
Computer Science Department Unix Staff
derek at cs.umd.edu

More information about the samba mailing list