[Samba] Problem authenticate with a w2k3 ADS

Tobias Leers tol at k-is.de
Mon Sep 29 16:30:09 GMT 2003


Hello.

I set up a samba 3.0.0 with ADS support. Everything is fine but
authentication of incoming connections.

I joined the ADS of a W2k3:

linux:/ # /usr/local/samba/bin/net ads join "Computers"
Using short domain name -- DOMAIN
Joined 'LINUX' to realm 'DOMAIN.LOCAL'

linux:/ # getent passwd
root:x:0:0:root:/root:/bin/bash
...
DOMAIN+Administrator:x:10002:10000:Administrator:/home/DOMAIN/administrator:/bin/false
DOMAIN+Gast:x:10003:10002:Gast:/home/DOMAIN/gast:/bin/false
DOMAIN+krbtgt:x:10004:10000:krbtgt:/home/DOMAIN/krbtgt:/bin/false
...

I think the ADS connection is OK.
When trying to connect from a W2k-Client I get the following messages in
the smbd logfile (and an error in the connection-dialogue):

[2003/09/29 18:06:04, 3] libads/kerberos_verify.c:ads_verify_ticket(310)
  ads_verify_ticket: enc type [1] failed to decrypt with error Unknown error 2529639093
[2003/09/29 18:06:04, 3] libads/kerberos_verify.c:ads_verify_ticket(310)
  ads_verify_ticket: enc type [3] failed to decrypt with error Unknown error 2529639093
[2003/09/29 18:06:04, 3] libads/kerberos_verify.c:ads_verify_ticket(317)
  ads_verify_ticket: krb5_rd_req with auth failed (Unknown error 2529639093)
[2003/09/29 18:06:04, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
  Failed to verify incoming ticket!
[2003/09/29 18:06:04, 3] smbd/error.c:error_packet(113)
  error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2003/09/29 18:06:06, 3] smbd/process.c:timeout_processing(1099)
  timeout_processing: End of file from client (client has disconnected).

Any ideas? Any further log/debug possibilities?


Tobias Leers


***********************************************
*** K-iS Systemhaus GmbH & Co. KG
*** Lahnstr. 33 - 57250 Netphen - Germany
*** Tel : +49-2738-3033-11 - Fax : 3033-29
*** eMail : tol at k-is.de - http://www.k-is.de
***********************************************
