[Samba] member server and kerberos
Thomas Constans
thomas.constans at opendoor.fr
Wed Oct 20 09:49:48 GMT 2004
Hello,

I have finally set up the following configuration:
debian testing / samba-3.07 member of a w2k Active Directory, security = ads

Now I am able to:
- list users and groups with wbinfo -u | -g
- authenticate domain users via pam_winbind
- list and connect to shares on the AD server with kerberos ( smbclient -k )
- list and connect to shares on the SAMBA server _from_samba_server_ ( smbclient -k //SAMBA_SERVER/ )

_BUT_ trying to connect to a samba share from the AD server ( net use * \\SAMBA_SERVER\share ) prompts me for a password, and the log gives me the famous "failed to verify incoming ticket":

[2004/10/20 09:24:42, 3] smbd/server.c:exit_server(614)
  Server exit (process_smb: send_smb failed.)
[2004/10/20 09:24:42, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(193)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed
[2004/10/20 09:24:42, 3] libads/kerberos_verify.c:ads_verify_ticket(307)
  ads_verify_ticket: krb5_rd_req with auth failed (Success)
[2004/10/20 09:24:42, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2004/10/20 09:24:42, 3] smbd/error.c:error_packet(129)
  error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE

I have tried to play with enc-type in krb5.conf, to no avail.

Here is my krb5.conf:

[libdefaults]
    default_realm = OPENDOOR.NET

[realms]
    OPENDOOR.NET = {
        kdc = nicotine.opendoor.net:88
    }

Output of klist -5e:

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrateur@OPENDOOR.NET

Valid starting     Expires            Service principal
10/20/04 11:40:14  10/20/04 21:40:14  krbtgt/OPENDOOR.NET@OPENDOOR.NET
        Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
10/20/04 11:40:33  10/20/04 21:40:14  melatonine$@OPENDOOR.NET ( samba server )
        Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
10/20/04 11:40:49  10/20/04 21:40:14  nicotine$@OPENDOOR.NET ( AD server )
        Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5

Installed packages:
debian testing
samba 3.0.7-1
samba-common 3.0.7-1
libkrb53 1.3.4-4
krb5-user 1.3.4-4

Any idea?
--
-- Thomas Constans --
http://www.opendoor.fr
thomas.constans at opendoor.fr
04 78 68 17 34
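
Added example (not part of the original post, and not Samba code): a Python triage helper that reads smbd debug output in the format quoted above, tolerates the header line that was wrapped before its source location, and maps the failing enc type number to its Kerberos name. The function names, the ETYPES table and SAMPLE_LOG are hypothetical; the sample is constructed from the excerpt in the post.

```python
import re

# Kerberos encryption type numbers (IANA registry; 23 is RC4-HMAC, RFC 4757).
ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
          18: "aes256-cts-hmac-sha1-96", 23: "arcfour-hmac-md5"}

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s*(.*)$")
DECRYPT = re.compile(r"enc type \[(\d+)\] failed to decrypt with error\s+(.*)")

# Constructed sample: lines from the post, first header left wrapped as mailed.
SAMPLE_LOG = """\
[2004/10/20 09:24:42, 3]
libads/kerberos_verify.c:ads_secrets_verify_ticket(193)
ads_secrets_verify_ticket: enc type [23] failed to decrypt with error
Decrypt integrity check failed
[2004/10/20 09:24:42, 3] libads/kerberos_verify.c:ads_verify_ticket(307)
ads_verify_ticket: krb5_rd_req with auth failed (Success)
[2004/10/20 09:24:42, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
"""

def parse_records(text):
    """Split an smbd debug log into (timestamp, level, location, message)."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append([m.group(1), int(m.group(2)), m.group(3), []])
        elif records and line.strip():
            rec = records[-1]
            if not rec[2]:          # wrapped header: this line is the location
                rec[2] = line.strip()
            else:                   # message text, possibly wrapped itself
                rec[3].append(line.strip())
    return [(ts, lvl, loc, " ".join(msg)) for ts, lvl, loc, msg in records]

def ticket_failures(text):
    """Return one dict per ticket decryption failure found in the log."""
    recs = parse_records(text)
    rejected = any("Failed to verify incoming ticket" in r[3] for r in recs)
    out = []
    for ts, _lvl, loc, msg in recs:
        m = DECRYPT.search(msg)
        if m:
            n = int(m.group(1))
            out.append({"time": ts, "where": loc, "etype": n,
                        "etype_name": ETYPES.get(n, "unknown"),
                        "error": m.group(2), "session_rejected": rejected})
    return out
```

Calling ticket_failures(SAMPLE_LOG) reports enc type 23, which is the same ArcFour with HMAC/md5 etype that klist shows for the tickets in the post.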