[Samba] Authentication problems with win2k3 domain controller

[Robert Toole]

 >Thomas Limoncelli wrote:
 >> Fredrik Lindberg wrote:
 >>> [libdefaults]
 >>>         default_realm      = MYREALM.COM
 >>>         default_etypes     = des-cbc-crc des-cbc-md5
 >>>         default_etypes_des = des-cbc-crc des-cbc-md5
 >>
 >> Have you tried removing the last two entries?
 >>
 >>
 >> -TL

 >I tried to remove them and re-joined the domain but I'm still
 >getting " Failed to verify incoming ticket".
 >But I'm now getting several "Message size is incompatible with
 >encryption type" for the enc types 16, 5, 3, 2 and 1
 >I also got a
 >[2006/03/22 14:29:41, 3]
 >libads/kerberos_verify.c:ads_secrets_verify_ticket(249)
 >   ads_secrets_verify_ticket: enc type [23] failed to decrypt with >error
 >Decrypt integrity check failed

 >Well, at least something happened :)

 >	Fredrik Lindberg

Hi all,

I have have been having the same problem, cannot connect using 
\\<servername> but can connect using \\<server_IP_Address>, with the 
following in the log.<clientname>:

[2006/04/05 15:39:28, 0] auth/auth_util.c:make_server_info_info3(1177)
   make_server_info_info3: pdb_init_sam failed!

and the following in log.<Client_IP_Address>

[2006/04/05 16:24:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
   Failed to verify incoming ticket!


I have also noticed that only Windows XP clients are affected, 
Connecting from Win2000 and W2003 works ok, and putting the following in 
smb.conf resolves it:

client use spnego = no

thanks to Anton Velo for the fix in his post:
http://marc.theaimsgroup.com/?l=samba&m=110900733011271&w=2

I am using RHEL 4 U3, with the following rpms:

samba-3.0.10-1.4E.6
pam_krb5-2.1.8-1
krb5-libs-1.3.4-27
krb5-devel-1.3.4-27
krb5-workstation-1.3.4-27

Is this a Kerberos, Samba, or RHEL problem?

I have a feeling this may be a RHEL problem but I thought I'd post here 
as well...

thanks

-- 
Robert Toole
Sr. Systems Engineer
KN Logistics / Calgary