[Samba] Kerberos Error

Norman Zhang norman.zhang at rd.arkonnetworks.com
Tue Dec 7 02:51:31 GMT 2004


Hi,

I'm using samba-*-3.0.6-4.3.100mdk and libkrb51-1.3-6.3.100mdk on
LM10.0. A summary of a problem similar to what I'm seeing can be found here:

http://lists.samba.org/archive/samba/2004-July/090210.html

My relevant configuration is below. How can I solve this on LM10.0?
Which packages do I need to update? The problem does not arise with NT;
it happens only with W2K, XP and 2003.

Regards,
Norman Zhang

/var/log/samba/log.2d-052

[2004/12/06 15:19:50, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
   Failed to verify incoming ticket!

# rpm -qa 'samba*'
samba-common-3.0.6-4.3.100mdk
samba-client-3.0.6-4.3.100mdk
samba-doc-3.0.6-4.3.100mdk
samba-winbind-3.0.6-4.3.100mdk
samba-swat-3.0.6-4.3.100mdk
samba-server-3.0.6-4.3.100mdk

# rpm -qa '*krb5*'
libkrb51-1.3-6.3.100mdk
ftp-client-krb5-1.3-6.3.100mdk

/etc/samba/smb.conf
# Global settings for a Samba server that authenticates as an Active Directory member.
# NOTE(review): no "log level" is set; the log excerpt in this post is a level-1 message,
# which reports that ticket verification failed but not the underlying Kerberos error.
[global]
         workgroup = ARKONDOMAIN
         # Kerberos realm; same value as default_realm in the krb5.conf posted with this message.
         realm = HQ.ARKONNETWORKS.COM
         server string = Samba Server %v
         # ADS mode: smbd accepts Kerberos service tickets from clients (the failing code path
         # in the log is reply_spnego_kerberos) and has to decrypt them with the machine
         # account's key, so the enctypes allowed in krb5.conf matter here.
         security = ADS
         obey pam restrictions = Yes
         # Pins authentication to one server by IP address.
         # NOTE(review): verify this is the same host as the kdc entry in krb5.conf
         # (dc2.hq.arkonnetworks.com); the post does not show the mapping.
         password server = 192.168.22.22
         # %m expands to the client machine name, giving one log file per client
         # (e.g. the log.2d-052 quoted in this post).
         log file = /var/log/samba/log.%m
         max log size = 50
         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
         # The next four settings keep this server out of browse-master elections.
         os level = 18
         preferred master = No
         local master = No
         domain master = No
         dns proxy = No
         # No TLS on Samba's LDAP connections.
         # NOTE(review): whether any LDAP backend is actually in use is not visible here.
         ldap ssl = no
         # winbind allocates local uids/gids for domain users and groups from these ranges.
         idmap uid = 15000-20000
         idmap gid = 15000-20000
         # Home directories for domain users are placed inside /hsd1/transfer, the same tree
         # that the [transfer] share exports with 0777 masks.
         template homedir = /hsd1/transfer/%u
         # Every winbind-mapped domain account is given an interactive shell.
         # NOTE(review): confirm shell logins for all domain users are intended; a
         # non-login shell is the least-privilege choice for a file server.
         template shell = /bin/bash
         winbind separator = /
         # Domain users appear without a DOMAIN/ prefix, so a domain account name can
         # coincide with a local account name; check for overlaps.
         winbind use default domain = Yes

# Writable scratch share rooted at /hsd1/transfer.
# No "valid users" or similar restriction is set in this section, so access is limited
# only by authentication and filesystem permissions.
[transfer]
         comment = Temporary Storage
         path = /hsd1/transfer
         read only = No
         # 0777 masks remove no permission bits, so files and directories created through
         # the share can end up writable by every local account on the server.
         # NOTE(review): tighten both masks unless world-writable content is really required,
         # especially as template homedir in [global] places home directories under this path.
         create mask = 0777
         directory mask = 0777

/etc/krb5.conf
# Log destinations for the Kerberos library, KDC and admin server.
# NOTE(review): the kdc and admin_server entries only matter if those daemons run on this
# host; nothing else in the post suggests they do.
[logging]
  default = FILE:/var/log/kerberos/krb5libs.log
  kdc = FILE:/var/log/kerberos/krb5kdc.log
  admin_server = FILE:/var/log/kerberos/kadmind.log

# Library-wide Kerberos defaults used by every Kerberos client on this host, including Samba.
[libdefaults]
# Bare number, presumably interpreted as seconds (about 6.7 hours); [pam] sets 36000 separately.
  ticket_lifetime = 24000
  default_realm = HQ.ARKONNETWORKS.COM
# The three enctype lists below allow only des3-hmac-sha1 and des-cbc-crc.
# des-cbc-crc is single DES, which is cryptographically weak.
# NOTE(review): possible cause of "Failed to verify incoming ticket" - Windows 2000/XP/2003
# domain controllers normally issue RC4-HMAC tickets and do not offer des3-hmac-sha1, so a
# ticket in an enctype missing from permitted_enctypes cannot be decrypted here. Confirm
# against the enctypes the DC actually issues before changing these lists; clock skew and a
# stale machine account secret produce the same symptom and are not visible in this post.
  default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
  default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
  permitted_enctypes = des3-hmac-sha1 des-cbc-crc
# DNS discovery is off, so realm and KDC come only from [realms] and [domain_realm] below.
  dns_lookup_realm = false
  dns_lookup_kdc = false
# Checksum type 2 is rsa-md4 in the Kerberos checksum numbering; MD4 is weak.
# NOTE(review): presumably a legacy-compatibility override - confirm it is still needed.
  kdc_req_checksum_type = 2
  checksum_type = 2
# NOTE(review): selects an old credential-cache format, presumably for legacy tools - confirm.
  ccache_type = 1
# Tickets may be forwarded and proxied to other hosts by default; enable these only where
# delegation is actually required.
  forwardable = true
  proxiable = true

# Realm definition. With dns_lookup_kdc = false in [libdefaults], dc2 is the only KDC this
# host will contact for the realm; there is no fallback entry.
# NOTE(review): smb.conf names its password server by IP (192.168.22.22); verify that it
# is this same host. Port 749 is the MIT kadmin port; whether dc2 answers on it is not shown.
[realms]
   HQ.ARKONNETWORKS.COM = {
   kdc = dc2.hq.arkonnetworks.com:88
   admin_server = dc2.hq.arkonnetworks.com:749
   default_domain = hq.arkonnetworks.com
  }

# Maps hosts under .hq.arkonnetworks.com to the realm; the bare name hq.arkonnetworks.com
# has no entry of its own.
[domain_realm]
  .hq.arkonnetworks.com = HQ.ARKONNETWORKS.COM

# Location of the KDC profile.
# NOTE(review): this host appears to be a client of dc2 rather than a KDC, so this section
# is presumably distribution boilerplate - confirm.
[kdc]
  profile = /etc/kerberos/krb5kdc/kdc.conf

# Settings presumably read by a PAM Kerberos module. ticket_lifetime here (36000) differs
# from the 24000 set in [libdefaults]. Kerberos 4 conversion is switched off.
[pam]
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false

# Login-program settings; both Kerberos 4 options are disabled.
[login]
  krb4_convert = false
  krb4_get_tickets = false


