[Samba] Samba requesting nonexistent keytab type?

Justin Baugh justin.baugh at request.com
Mon Jan 5 23:34:41 GMT 2004 

Hello,

I have been working diligently since my last post to solve the error 
I've been receiving. I did manage to fix the credentials problem, but 
now I am at the same point where many others are, mainly, when doing 
hostname mapping (net use X: \\foo\bar), Samba prompts for a username 
and password and does not use Kerberos.

In my error logs:

[2004/01/05 15:51:59, 10] libads/kerberos_verify.c:create_keytab(56)
   creating keytab: MEMORY:
[2004/01/05 15:51:59, 10] libads/kerberos_verify.c:create_keytab(59)
   going to krb5_kt_resolveunable to create MEMORY: keytab (Unknown Key 
table type)
[2004/01/05 15:51:59, 3] libads/kerberos_verify.c:ads_verify_ticket(283)
   ads_verify_ticket: unable to setup keytab
[2004/01/05 15:51:59, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
   Failed to verify incoming ticket!
[2004/01/05 15:51:59, 3] smbd/error.c:error_packet(118)
   error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX) 
NT_STATUS_LOGON_FAILURE

After looking at kerberos_verify.c and doing some debugging, I found 
exactly where the problem is occuring (I think).  The krb5_kt_resolve 
immediately before is returning KRB5_KT_UNKNOWN_TYPE. Doing some looking 
at the source for MIT krb5, and a bit of reading, it looks like there 
are two key table types defined: FILE and WRFILE. Specifically, in 
lib/krb5/keytab/ktbase.c:krb5_kt_resolve(112), it cycles through a list 
of registered key table types, and MEMORY is definitely not one of them. 
It has no associated krb5_kt_ops struct, at least not one that I can 
locate.

However, this definition _does_ exist in Heimdal Kerberos 0.6 
(keytab_memory.c), along with a corresponding krb5_kt_ops struct.

What gives? Am I just making this up, or does this seem slightly 
reasonable?

I'm using FreeBSD 5.1; when I compiled Samba 3.0 with Heimdal (the 
system krb5 libs) I couldn't even get Samba to join a Windows 2003 
domain, no matter what the krb5.conf said. Only after I went to MIT and 
recompiled was I able to join and do queries on the domain.

Does anyone have Samba 3.0 + FreeBSD 5 + Heimdal working? If so, please 
let me know? :)

Thoughts, questions, flames? Any errors are a result of my ignorance.

-Justin

More information about the samba mailing list