[Samba] 3.0.2 works with kerberos 1.2.7 for a while, then stops
Alan Munter
alan.munter at nist.gov
Thu Mar 18 22:48:49 GMT 2004

I installed RH9 and the RH9 binary rpm of samba-3.0.2a from the ftp
site. I added default_realm, kdc, and [domain_realm] sections to my
krb5.conf file because for some reason it can't get them from DNS
(haven't worked that out yet) and with a small edit of smb.conf was able
to join the new samba install to our 2k3 active directory. wbinfo -t
and kinit and stuff all worked as did getent password.

Then I used swat to make a share and set valid users = '@MYDOMAIN\Domain
Users' and browsed to it from a Windows XP machine which was a member of
the domain. I made a folder in the share, verified that it had the
correct UID/GID mapping. All was good.

Then all of a sudden it stopped working. Now I am getting log entries
like:

[2004/03/18 15:57:57, 2] smbd/sesssetup.c:setup_new_vc_session(591)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2004/03/18 15:57:57, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(518)
  Doing spnego session setup
[2004/03/18 15:57:57, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(549)
  NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
[2004/03/18 15:57:57, 3] smbd/sesssetup.c:reply_spnego_negotiate(427)
  Got OID 1 2 840 48018 1 2 2
[2004/03/18 15:57:57, 3] smbd/sesssetup.c:reply_spnego_negotiate(427)
  Got OID 1 2 840 113554 1 2 2
[2004/03/18 15:57:57, 3] smbd/sesssetup.c:reply_spnego_negotiate(427)
  Got OID 1 3 6 1 4 1 311 2 2 10
[2004/03/18 15:57:57, 3] smbd/sesssetup.c:reply_spnego_negotiate(430)
  Got secblob of size 1211
[2004/03/18 15:57:57, 3] libads/kerberos_verify.c:ads_verify_ticket(323)
  ads_verify_ticket: enc type [3] failed to decrypt with error Decrypt integrity check failed
[2004/03/18 15:57:57, 3] libads/kerberos_verify.c:ads_verify_ticket(330)
  ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
[2004/03/18 15:57:57, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2004/03/18 15:57:57, 3] smbd/error.c:error_packet(94)
  error string = No such file or directory
[2004/03/18 15:57:57, 3] smbd/error.c:error_packet(118)
  error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE

I know. Folks will say that I need to upgrade MIT kerberos to 1.3.1,
which I will do, however I am curious about why it used to work and then
just stopped working. I was messing around with swat at the time, but I
did not change any of the global settings, only shares.

Any ideas?

Alan
--
Alan E. Munter NIST Center for Neutron Research
Physical Scientist 100 Bureau Dr., Stop 8562
alan.munter at nist.gov Gaithersburg, MD 20899-8562
http://www.ncnr.nist.gov/ (301)975-6244
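
A triage script for log excerpts like the one in the message above, added here as an example and not part of the original post or of Samba. It regroups smbd log records (also when mail wrapping has split a header from its source location), names the SPNEGO mechanism OIDs the client offered, and lists which Kerberos enctype failed to decrypt. The function names and the embedded sample are constructed; the OID and enctype names are the standard assignments.

```python
import re

# Constructed sample in smbd's log layout, reusing message text from the post.
SAMPLE_LOG = """\
[2004/03/18 15:57:57, 3] smbd/sesssetup.c:reply_spnego_negotiate(427)
  Got OID 1 2 840 48018 1 2 2
[2004/03/18 15:57:57, 3] smbd/sesssetup.c:reply_spnego_negotiate(427)
  Got OID 1 2 840 113554 1 2 2
[2004/03/18 15:57:57, 3] smbd/sesssetup.c:reply_spnego_negotiate(427)
  Got OID 1 3 6 1 4 1 311 2 2 10
[2004/03/18 15:57:57, 3] libads/kerberos_verify.c:ads_verify_ticket(323)
  ads_verify_ticket: enc type [3] failed to decrypt with error Decrypt
  integrity check failed
[2004/03/18 15:57:57, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
"""

# "[timestamp, level] file:function(line)"; \s+ also spans a wrapped header.
HEADER = re.compile(r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s+(\S+?)\((\d+)\)")
MECHS = {"1.2.840.48018.1.2.2": "MS-KRB5", "1.2.840.113554.1.2.2": "KRB5",
         "1.3.6.1.4.1.311.2.2.10": "NTLMSSP"}
ENCTYPES = {"1": "des-cbc-crc", "3": "des-cbc-md5", "23": "rc4-hmac"}

def parse_records(text):
    """Return (timestamp, level, location, message) for every log record."""
    heads = list(HEADER.finditer(text))
    records = []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        msg = " ".join(text[h.end():end].split())  # rejoin wrapped message lines
        records.append((h.group(1), int(h.group(2)), h.group(3), msg))
    return records

def triage(text):
    """Summarise offered SPNEGO mechanisms and Kerberos ticket failures."""
    out = {"mechs": [], "decrypt_failures": [], "ticket_rejected": 0}
    for ts, _level, _loc, msg in parse_records(text):
        if (m := re.match(r"Got OID ([\d ]+)$", msg)):
            oid = ".".join(m.group(1).split())
            out["mechs"].append(MECHS.get(oid, oid))
        elif (m := re.search(r"enc type \[(\d+)\] failed to decrypt with error (.+)", msg)):
            enc = ENCTYPES.get(m.group(1), m.group(1))
            out["decrypt_failures"].append((ts, enc, m.group(2)))
        elif "Failed to verify incoming ticket" in msg:
            out["ticket_rejected"] += 1
    return out

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```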