[Samba] Failed to verify ticket ?

Yohann Ferreira bertram25 at hotmail.com
Wed May 12 14:17:07 GMT 2004 

Hi !

My problem is that :
[2004/05/12 16:07:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2004/05/12 16:07:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2004/05/12 16:07:39, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2004/05/12 16:07:59, 0] lib/util_sock.c:read_socket_data(342)
  read_socket_data: recv failure for 4. Error = Connection reset by peer
[2004/05/12 16:07:59, 1] smbd/service.c:close_cnum(887)
  saisie-srag (10.143.31.100) closed connection to service tmp

A w2k client can't log on my samba server.

Here's my krb5.conf :

[logging]
	default = FILE:/var/log/kerberos/krb5libs.log
	kdc = FILE:/var/log/kerberos/krb5kdc.log
	admin_server = FILE:/var/log/kerberos/kadmind.log

[libdefaults]
	ticket_lifetime = 24000
	default_realm = DRAF.FC
	default_tgs_enctypes = des-cbc-crc des-cbc-md5
	default_tkt_enctypes = des-cbc-crc des-cbc-md5
	permitted_enctypes = des-cbc-crc des-cbc-md5

#default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
#default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
#permitted_enctypes = des3-hmac-sha1 des-cbc-crc

	dns_lookup_realm = false
	dns_lookup_kdc = false
	kdc_req_checksum_type = 2
	checksum_type = 2
	ccache_type = 1
	forwardable = true
	proxiable = true

[realms]
	DRAF.FC = {
	kdc = draffc3.draf.fc
	default_domain = DRAFFCOMTE
}

[domain_realm]
	.draf.fc = DRAF.FC

[kdc]
	profile = /etc/kerberos/krb5kdc/kdc.conf

[pam]
	debug = false
	ticket_lifetime = 36000
	renew_lifetime = 36000
	forwardable = true
	krb4_convert = false

[appdefaults]
	pam = {
	debug = true
	ticket_lifetime = 36000
	renew_lifetime = 36000
	forwardable = true
	krb4_convert = true
	afs_cells = draffc3.draf.fc
	hosts = draffc3.draf.fc
	max_timeout = 30
	timeout_shift = 2
	initial_timeout = 1
	}

[login]
	krb4_convert = false
	krb4_get_tickets = false

Any idea about my misconfiguration in Kerberos, everyone ?

Please, just answer me for that and I'll let you breath !

Thanks for reading

Bertram

_________________________________________________________________
Trouvez l'âme soeur sur MSN Rencontres http://g.msn.fr/FR1000/9551

More information about the samba mailing list