[Samba] Kerberos and Native Mode AD
smoseman at novolink.net
Thu Mar 25 14:53:37 GMT 2004
Server 1: Win 2003 Server (in Native Mode)
Server 2: Red Hat 7.3 (with Samba 3.0.2a)
My RH box has succesfully joined the domain.
getent passwd/group grab Unix/ADS info okay.
(I can login to the RH with an ADS account.)
The problem is mapping to the Samba shares.
\\IP_Addr\Share works just fine.
\\Hostname\Share fails with Access Denied.
I've read the IP works because it uses NTLM,
but via hostname it uses Kerberos and fails.
(I saw on Google I should use "Mixed Mode".)
These are the errors that I get in Samba:
ads_verify_ticket: enc type  failed to decrypt with error Decrypt
integrity check failed
ads_verify_ticket: krb5_rd_reg with auth failed (Bad encryption type)
Failed to verify incoming ticket!
error string = No such file or directory
I have tried various pam.d/samba, krb5.conf,
and kdc.conf configurations that I have found
digging through Google. None fix the problem.
SHOULD this be working? Or do I really need to
be in "Mixed Mode" to get this to work? This is
a brand new network, so I would love to keep the
boxes in "Native Mode" if the choice is available.
More information about the samba