[Samba] samba 3.0.23d on ubuntu - ADS member - failed to verify ticket
sysadm
sysadm at constantza-port.ro
Fri Dec 1 19:42:51 GMT 2006
SOLVED:
Error was on updating an empty keytab file so:
1. delete keytab file
2. rejoin ads domain
I lost 3 days for 2 operations... silly me
sysadm writes:
> I have a server with ubuntu 6.06 LTS with samba 3.0.23d (compiled against
> heimdal krb5) and heimdal-clients0.7.1-1ubuntu3.
> I have configured samba as an ADS domain member.
> Problem is that when I want to access a samba share from a windows xp
> domain member I keep being asked for user and password and
> debug level 3 shows this on log.<workstation_name> :
>
> ...
> [2006/11/30 12:42:15, 3]
> libads/kerberos_verify.c:ads_secrets_verify_ticket(261)
> ads_secrets_verify_ticket: enc type [1] failed to decrypt with error
> Decrypt integrity check failed
> [2006/11/30 12:42:15, 3]
> libads/kerberos_verify.c:ads_secrets_verify_ticket(261)
> ads_secrets_verify_ticket: enc type [3] failed to decrypt with error
> Decrypt integrity check failed
> [2006/11/30 12:42:15, 3] smbd/sesssetup.c:reply_spnego_kerberos(207)
> Ticket name is [Administrator at APMC.LOCAL]
> ...
>
> my smb.conf:
>>>>>
> [global]
> workgroup = APMC
> realm = APMC.LOCAL
> server string = %h server (Samba, Ubuntu)
> dns proxy = no
>
> interfaces = 127.0.0.1/255.0.0.0 192.168.0.0/255.255.255.0
> 10.1.0.0/255.255.0.0 10.101.0.0/255.255.0.0
>
> hosts allow = 10.1. 127. 192.168.0. 192.168.1. 10.101.
>
> log file = /var/log/samba/log.%m
> max log size = 1000
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
> use kerberos keytab = no
> security = ADS
> encrypt passwords = true
> password server = pdc.apmc.local
> passdb backend = tdbsam
>
> obey pam restrictions = yes
> invalid users = root
>
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
> *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
> load printers = no
> socket options = TCP_NODELAY
> idmap uid = 10000-20000
> idmap gid = 10000-20000
>
> [bks$]
> browseable = yes
> path = /bks
> public = yes
> writable = yes
> write list = root, @'APMC\domain users'
>
> <<<<
>
> My krb5.conf
>>>>>>
> [logging]
> default = FILE:/var/log/krb5/libs.log
> kdc = FILE:/var/log/krb5/kdc.log
> admin_server = FILE:/var/log/krb5/admin.log
>
> [libdefaults]
> default_realm = APMC.LOCAL
> default_etypes = des-cbc-crc des-cbc-md5
> default_etypes_des = des-cbc-crc des-cbc-md5
>
> [domain_realms]
> .apmc.local = APMC.LOCAL
> apmc.local = APMC.LOCAL
>
> [realms]
> APMC.LOCAL = {
> kdc = pdc.apmc.local
> admin_server = pdc.apmc.local
> default_domain = apmc.local
> }
>
> <<<<<
>
>
> I have also tried samba package from ubuntu dapper distri and MIT krb5 but
> with the same result.
>
> Thank you.
>
>
>
> -------------------------------------------------------------
> This mail was scanned by BitDefender
> For more informations please visit http://www.bitdefender.com
>
>
> -------------------------------------------------------------
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
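Added example (not part of the original post, and not Samba code): a small Python check for the condition the poster describes, a keytab file that holds no entries. It assumes the MIT/Heimdal keytab file format version 0x0502; the function names, host name and realm are hypothetical, the sample keytab is constructed with dummy keys, and the default enctypes 1 and 3 are the ones shown in the quoted log.

```python
import struct

def parse_keytab(data):
    """List (principal, kvno, enctype) for each live entry of a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:                      # end marker
            break
        if size < 0:                       # deleted slot: skip its bytes
            pos += -size
            continue
        rec, off = data[pos:pos + size], 2
        pos += size
        (ncomp,) = struct.unpack_from(">H", rec, 0)
        names = []                         # realm first, then the components
        for _ in range(ncomp + 1):
            (n,) = struct.unpack_from(">H", rec, off)
            names.append(rec[off + 2:off + 2 + n].decode())
            off += 2 + n
        # name type (4), timestamp (4), 8-bit kvno (1), enctype (2), key length (2)
        _, _, kvno, etype, klen = struct.unpack_from(">IIBHH", rec, off)
        off += 13 + klen
        if len(rec) - off >= 4:            # optional 32-bit kvno
            kvno = struct.unpack_from(">I", rec, off)[0] or kvno
        entries.append(("/".join(names[1:]) + "@" + names[0], kvno, etype))
    return entries

def check_keytab(data, wanted_etypes=(1, 3)):
    """Classify a keytab: 'empty', 'no matching enctype' or 'ok'."""
    entries = parse_keytab(data)
    if not entries:
        return "empty"
    ok = any(etype in wanted_etypes for _, _, etype in entries)
    return "ok" if ok else "no matching enctype"

def _entry(realm, comps, kvno, etype, key):
    """Build one record for the constructed sample below."""
    s = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + s(realm) + b"".join(map(s, comps))
    body += struct.pack(">IIBH", 1, 0, kvno, etype) + s(key)
    return struct.pack(">i", len(body)) + body

# Constructed sample data (dummy all-zero keys, hypothetical host name).
EMPTY_KEYTAB = b"\x05\x02"
SAMPLE_KEYTAB = EMPTY_KEYTAB + b"".join(
    _entry(b"EXAMPLE.LOCAL", [b"host", b"fs1.example.local"], 2, e, bytes(8))
    for e in (1, 3))
```

A file that contains only the two-byte version header, or only deleted slots, is reported as "empty".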