[Samba] Samba 3.0.2 ADS Member - Failed to verify incoming ticket!

Gerald (Jerry) Carter jerry at samba.org
Fri Feb 13 14:21:34 GMT 2004

Hash: SHA1

Alexander Wenzel wrote:

| I use Samba 3.0.2rc2 on Suse 9.0 (heimdal 0.6-68) as a
| Domainmember for File -and Printservices (about 100 Users).
| The Linuxbox ist added to the ADS, the User are mapped
| through winbindd. Everything works..
| The I upgraded to Samba 3.0.2 and if I start the daemon,
| after a while follow Error occured if a Domainclient
| will connect to the Sambabox:

There where no kerberos changes between rc2 and the
final 3.0.2 release.  The changes were

~  * tweak to the passdb interface for sanitizing
~    passwords
~  * add defensive code paths for bad character
~    conversions
~  * fix a bug in pulling unicode strings from
~    buffers

I looked at the diff again and non should affect
kerberos authentication adversly.

|   Failed to verify incoming ticket!
| A new recompile didn't help!!? If the Client will connect
| through the IpAdress then it  works...What happend ???

I have looked into this alot and it has always come down
do a kerberos configuration issue (although different
for every case and not always abvious what changed fixed it).

When you connect via IP address, the client uses NTLMSSP,
not kerberos.  That is why it is succeeding.

cheers, jerry
- ----------------------------------------------------------------------
Hewlett-Packard            ------------------------- http://www.hp.com
SAMBA Team                 ---------------------- http://www.samba.org
GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song" --Switchfoot (2003)
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list