[Samba] Samba 3.0.6 Problems w/AD and Kerberos

Christian Merrill cmerrill at redhat.com
Wed Sep 8 15:56:16 GMT 2004

Gerald (Jerry) Carter wrote:

> Christian Merrill wrote:
> | Running into a lot of people upgrading to the 3.0.6
> | package that all of a sudden begin to experience
> | the "Failed to verify incoming ticket!" errors
> | etc., that are generally associated with a kerberos
> | package incompatibility.
> |
> | However many of these people are running later
> | versions of kerberos *and* reverting to a previous
> | version of Samba appears to fix the issue.  Is there
> | something new setting wise that has taken place, is
> | something really wrong with this new package, or
> | is this all just a strange coincidence?
> I've not been able to reproduce this or track it down.
> Is there a consensus whether this is a specific issue
> with using MIT or Heimdal?  Or with Windows 2000 or
> 2003 DCs?
> Any details would be helpful.  I've created a bug report at
> https://bugzilla.samba.org/show_bug.cgi?id=1739
> cheers, jerry
> - ---------------------------------------------------------------------
> Alleviating the pain of Windows(tm)      ------- http://www.samba.org
> GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
> "If we're adding to the noise, turn off this song"--Switchfoot (2003)

Well from my end (Red Hat) the behavior is indicative of a known issue 
with the MIT kerberos 1.2.x packages that we currently support and 
Win2k3 DCs...however Win2k DCs have been operating fine as far as I 
know.  What I am seeing are customers who were previously running 
upgrade to the 3.0.6 samba package and then start to encounter these 
errors.  If they downgrade the samba package the problem goes away.  
I've also noticed a few other posts from users on other distros such as 
Debian encountering very similar behavior.

On the surface it really looks like a kerberos problem, but people are 
reporting that it seems to be directly linked to the samba package.  My 
current test environment is on 2k3 so I'm still in the process of 
setting up a 2k AD environment to do testing on...at this point just 
relaying feedback that I am getting from others.

