[Samba] bad encryption type when accessing AD member server

Derek T. Yarnell derek at cs.umd.edu
Tue Sep 30 14:20:52 GMT 2003


Can you send the default debian krb5.conf? I would like to see what the
differences are with my krb5.conf.

Thanks.

On Tue, Sep 30, 2003 at 11:45:35AM +0200, Henning Holtschneider wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Monday 29 September 2003 17:59, Henning Holtschneider wrote:
> 
> > I'm trying to access a Samba 3.0 server (running on Debian unstable) in an
> > Active Directory environment. I successfully joined the domain, klist shows
> > my Kerberos ticket(s) and I can use smbclient -k to access a Windows 2000
> > server. However, when I try to access a share on the Samba machine from a
> > Windows 2000 client, I'm being asked for the password and Samba logs:
> > [...]
> > [2003/09/29 13:17:02, 3] libads/kerberos_verify.c:ads_verify_ticket(317)
> > ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
> 
> I replaced Debian's default krb5.conf (which looks like MIT Kerberos' sample 
> file) with the minimum configuration described in the Samba documentation and 
> finally the connection from the Windows clients works! Don't know why I 
> didn't try that earlier ...
> 
> Sorry about the noise,
> 
>      <-gninneH<-
> - --
>    __                 _  __    __   Henning Holtschneider
>   / /  ___  _______ _/ |/ /__ / /_  <henning at loca.net>
>  / /__/ _ \/ __/ _ `/    / -_) __/
> /____/\___/\__/\_,_/_/|_/\__/\__/  ...net happens!
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> 
> iD8DBQE/eVC/P9goCV2uudcRArZOAJ9RWeUl/H8umC19zZLZy8NZ58UHCACfcI3q
> M0tr3nsdEy02fli9vC+2MAY=
> =mnRw
> -----END PGP SIGNATURE-----
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
---
Derek T. Yarnell
University of Maryland
Computer Science Department Unix Staff
derek at cs.umd.edu



More information about the samba mailing list