[Samba] Kerberos and Native Mode AD

Scott Moseman smoseman at novolink.net
Thu Mar 25 14:53:37 GMT 2004

Server 1: Win 2003 Server (in Native Mode)
Server 2: Red Hat 7.3 (with Samba 3.0.2a)

My RH box has succesfully joined the domain.
getent passwd/group grab Unix/ADS info okay.
(I can login to the RH with an ADS account.)

The problem is mapping to the Samba shares.

\\IP_Addr\Share works just fine.
\\Hostname\Share fails with Access Denied.

I've read the IP works because it uses NTLM,
but via hostname it uses Kerberos and fails.
(I saw on Google I should use "Mixed Mode".)

These are the errors that I get in Samba:

ads_verify_ticket: enc type [3] failed to decrypt with error Decrypt
integrity check failed
ads_verify_ticket: krb5_rd_reg with auth failed (Bad encryption type)
Failed to verify incoming ticket!
error string = No such file or directory

I have tried various pam.d/samba, krb5.conf,
and kdc.conf configurations that I have found
digging through Google.  None fix the problem.

SHOULD this be working?  Or do I really need to
be in "Mixed Mode" to get this to work?  This is
a brand new network, so I would love to keep the
boxes in "Native Mode" if the choice is available.

Scott Moseman

More information about the samba mailing list