[Samba] Authentication problems with win2k3 domain controller

Robert Toole robert.toole at kuehne-nagel.com
Wed Apr 5 23:07:14 GMT 2006

 >Thomas Limoncelli wrote:
 >> Fredrik Lindberg wrote:
 >>> [libdefaults]
 >>>         default_realm      = MYREALM.COM
 >>>         default_etypes     = des-cbc-crc des-cbc-md5
 >>>         default_etypes_des = des-cbc-crc des-cbc-md5
 >> Have you tried removing the last two entries?
 >> -TL

 >I tried to remove them and re-joined the domain but I'm still
 >getting " Failed to verify incoming ticket".
 >But I'm now getting several "Message size is incompatible with
 >encryption type" for the enc types 16, 5, 3, 2 and 1
 >I also got a
 >[2006/03/22 14:29:41, 3]
 >   ads_secrets_verify_ticket: enc type [23] failed to decrypt with >error
 >Decrypt integrity check failed

 >Well, at least something happened :)

 >	Fredrik Lindberg

Hi all,

I have have been having the same problem, cannot connect using 
\\<servername> but can connect using \\<server_IP_Address>, with the 
following in the log.<clientname>:

[2006/04/05 15:39:28, 0] auth/auth_util.c:make_server_info_info3(1177)
   make_server_info_info3: pdb_init_sam failed!

and the following in log.<Client_IP_Address>

[2006/04/05 16:24:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
   Failed to verify incoming ticket!

I have also noticed that only Windows XP clients are affected, 
Connecting from Win2000 and W2003 works ok, and putting the following in 
smb.conf resolves it:

client use spnego = no

thanks to Anton Velo for the fix in his post:

I am using RHEL 4 U3, with the following rpms:


Is this a Kerberos, Samba, or RHEL problem?

I have a feeling this may be a RHEL problem but I thought I'd post here 
as well...


Robert Toole
Sr. Systems Engineer
KN Logistics / Calgary

More information about the samba mailing list