# [Samba] Samba requesting nonexistent keytab type?

Justin Baugh justin.baugh at request.com
Mon Jan 5 23:34:41 GMT 2004

Hello,

I have been working diligently since my last post to solve the error
I've been receiving. I did manage to fix the credentials problem, but
now I am at the same point where many others are, mainly, when doing
hostname mapping (net use X: \\foo\bar), Samba prompts for a username
and password and does not use Kerberos.

In my error logs:

creating keytab: MEMORY:
going to krb5_kt_resolveunable to create MEMORY: keytab (Unknown Key
table type)
Failed to verify incoming ticket!
[2004/01/05 15:51:59, 3] smbd/error.c:error_packet(118)
error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE

After looking at kerberos_verify.c and doing some debugging, I found
exactly where the problem is occuring (I think).  The krb5_kt_resolve
immediately before is returning KRB5_KT_UNKNOWN_TYPE. Doing some looking
at the source for MIT krb5, and a bit of reading, it looks like there
are two key table types defined: FILE and WRFILE. Specifically, in
lib/krb5/keytab/ktbase.c:krb5_kt_resolve(112), it cycles through a list
of registered key table types, and MEMORY is definitely not one of them.
It has no associated krb5_kt_ops struct, at least not one that I can
locate.

However, this definition _does_ exist in Heimdal Kerberos 0.6
(keytab_memory.c), along with a corresponding krb5_kt_ops struct.

What gives? Am I just making this up, or does this seem slightly
reasonable?

I'm using FreeBSD 5.1; when I compiled Samba 3.0 with Heimdal (the
system krb5 libs) I couldn't even get Samba to join a Windows 2003
domain, no matter what the krb5.conf said. Only after I went to MIT and
recompiled was I able to join and do queries on the domain.

Does anyone have Samba 3.0 + FreeBSD 5 + Heimdal working? If so, please
let me know? :)

Thoughts, questions, flames? Any errors are a result of my ignorance.

-Justin