[Samba] Kerberos verfy ticket failed
Aaron Rosenblum
arosenbl at mac.com
Wed Aug 11 02:24:42 GMT 2004
I have seen this on multiple occasions as well. I can't really
pinpoint it, but I'd really like to know what is going wrong.
Aaron
On Aug 10, 2004, at 1:48 PM, Raphael RIGNIER wrote:
> Hello list.
>
> I've got a problem using samba-3.0.4 (RedHat AS 3.0)
> the server is member of a Win2003 Active directory domain
> All stuff about krb5 seems to work correctly
>
> kinit user at REALM
> klist
> etc...
>
> net ads join -U administrator has worked well too
>
> But when any Windows client member of the domain try to connect to the
> server it asks me for a user/pass.
>
> here is the log.
>
> [2004/08/10 18:56:41, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
> wct=12 flg2=0xc807
> [2004/08/10 18:56:42, 2] smbd/sesssetup.c:setup_new_vc_session(608)
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
> all old resources.
> [2004/08/10 18:56:42, 3]
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
> Doing spnego session setup
> [2004/08/10 18:56:42, 3]
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
> NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
> PrimaryDomain=[]
> [2004/08/10 18:56:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
> Got OID 1 2 840 48018 1 2 2
> [2004/08/10 18:56:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
> Got OID 1 2 840 113554 1 2 2
> [2004/08/10 18:56:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
> Got OID 1 3 6 1 4 1 311 2 2 10
> [2004/08/10 18:56:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(447)
> Got secblob of size 1191
> [2004/08/10 18:56:42, 3]
> libads/kerberos_verify.c:ads_verify_ticket(185)
> ads_verify_ticket: enc type [3] failed to decrypt with error Decrypt
> integrity check failed
> [2004/08/10 18:56:43, 3]
> libads/kerberos_verify.c:ads_verify_ticket(193)
> ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
> [2004/08/10 18:56:43, 1] smbd/sesssetup.c:reply_spnego_kerberos(174)
> Failed to verify incoming ticket!
> [2004/08/10 18:56:43, 3] smbd/error.c:error_packet(94)
> error string = Aucun fichier ou répertoire de ce type
> [2004/08/10 18:56:43, 3] smbd/error.c:error_packet(118)
> error packet at smbd/sesssetup.c(175) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
> [2004/08/10 18:56:43, 3] smbd/process.c:timeout_processing(1131)
> timeout_processing: End of file from client (client has
> disconnected).
> [2004/08/10 18:56:43, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2004/08/10 18:56:43, 2] smbd/server.c:exit_server(572)
> Closing connections
> [2004/08/10 18:56:43, 3] smbd/connection.c:yield_connection(69)
> Yielding connection to
> [2004/08/10 18:56:44, 3] smbd/connection.c:yield_connection(76)
> yield_connection: tdb_delete for name failed with error Record does
> not exist.
> [2004/08/10 18:56:44, 3] smbd/server.c:exit_server(615)
> Server exit (normal exit)
>
> I'm not sure it's due to Win2k3 server because enc type [3] is
> des-cbc-md5.
>
> I definitiveley Don't know what's wrong!
>
> I have even tried to compile samba-3.0.5 and link with kerberos-1.3.4
> without success.
>
> Any help would be appretciated.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list