[Samba] kerberos_kinit_password: Decrypt integrity check failed
P V
ditirambo_farfulla at yahoo.com
Tue Aug 16 22:32:31 GMT 2005
Thank you Ken.
I ran kinit with users in DOMAIN, and something
like host/HOST at DOMAIN.COM.MX and all worked fine, no
errors.
This is my krb5.conf file. Would you help me?
Thank you very much.
--------------------------------------------------
[libdefaults]
    ticket_lifetime = 24000
    default_realm = DOMAIN.COM.MX
    default_tgs_enctypes = des-cbc-crc des-cbc-md5
    default_tkt_enctypes = des-cbc-crc des-cbc-md5
    forwardable = true
    proxiable = true
    dns_lookup_realm = true
    dns_lookup_kdc = true

[realms]
    DOMAIN.COM.MX = {
        kdc = hostdc.domain.com.mx:88
        kdc = hostdc2.domain.com.mx:88
        admin_server = hostdc.domain.com.mx
        default_domain = domain.com.mx
    }

[domain_realm]
    .domain.com.mx = DOMAIN.COM.MX
    domain.com.mx = DOMAIN.COM.MX
    .netbiosdomain_name = DOMAIN.COM.MX
    netbiosdomain_name = DOMAIN.COM.MX
    host = host.domain.com.mx
    HOST = host.domain.com.mx

[logging]
    default = FILE:/var/krb5/kdc.log
    kdc = FILE:/var/krb5/kdc.log
    admin_server = FILE:/var/krb5/kdc.log
    kdc_rotate = {
        period = 1d
        versions = 10
    }

[kdc]
    profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }
#   kinit = {
#       renewable = true
#       forwardable= true
#   }

--- Ken Nakamura <knakamur at tripwire.com> wrote:
> sounds like you need kerberos 5 installed and
> configured properly. check
> your /etc/krb5.conf, or post it.
>
> also, here is a great howto:
>
> http://gentoo-wiki.com/HOWTO_Adding_a_Samba_Server_into_an_existing_AD_Domain
>
> hope this helps,
> -k
>
>
> On 8/16/05 2:42 PM, "P V"
> <ditirambo_farfulla at yahoo.com> wrote:
>
> > Please, can somebody help me?
> >
> > When I start samba I get this error in log.smbd:
> >
> > ----------------------------------------------------
> > [2005/08/16 16:30:01, 0] smbd/server.c:main(802)
> > smbd version 3.0.20rc1 started.
> > Copyright Andrew Tridgell and the Samba Team 1992-2004
> > [2005/08/16 16:30:01, 0] libads/kerberos.c:ads_kinit_password(146)
> > kerberos_kinit_password host/HOST at DOMAIN.COM.MX failed: Decrypt integrity check failed
> >
> > -----------------------------------------------------
> >
> > In log.wb-WORKGROUP
> >
> > -----------------------------------------------------
> > [2005/08/16 16:30:09, 0] libsmb/cliconnect.c:cli_session_setup_spnego(762)
> > Kinit failed: Client not found in Kerberos database
> > [2005/08/16 16:30:09, 1] nsswitch/winbindd_cm.c:cm_prepare_connection(331)
> > failed tcon_X with NT_STATUS_ACCESS_DENIED
> > [2005/08/16 16:30:09, 0] lib/fault.c:fault_report(36)
> > ======================================================
> > [2005/08/16 16:30:09, 0] lib/fault.c:fault_report(37)
> > INTERNAL ERROR: Signal 11 in pid 699 (3.0.20rc1)
> > Please read the appendix Bugs of the Samba HOWTO collection
> > [2005/08/16 16:30:09, 0] lib/fault.c:fault_report(39)
> > ======================================================
> > [2005/08/16 16:30:09, 0] lib/util.c:smb_panic2(1548)
> > PANIC: internal error
> > [2005/08/16 16:30:12, 0] libsmb/cliconnect.c:
> >
> > -----------------------------------------------------
> >
> > My smb.conf:
> >
> > -----------------------------------------------------
> > workgroup = WORKGROUP
> > netbios name = HOST
> >
> > idmap uid = 10000-20000
> > idmap gid = 10000-20000
> > winbind enum users = yes
> > winbind enum groups = yes
> > template homedir = /home/%D/%U
> > template shell = /bin/bash
> >
> > security = ads
> > encrypt passwords = yes
> > realm = DOMAIN.COM.MX
> >
> > -----------------------------------------------------
> >
> > Any idea will be appreciated.
> >
> >