[Samba] samba 3.0.23d on ubuntu - ADS member -failed to verify ticket

sysadm sysadm at constantza-port.ro
Thu Nov 30 19:15:33 GMT 2006 

I have a server with ubuntu 6.06 LTS with samba 3.0.23d (compiled against 
heimdal krb5) and heimdal-clients0.7.1-1ubuntu3.
I have configured samba as a ADS domain member.
Problem is that when I want to access a samba share from a windows xp domain 
member I am keep asked for user and password and
debug level 3 shows this on log.<workstation_name> : 

...
[2006/11/30 12:42:15, 3] 
libads/kerberos_verify.c:ads_secrets_verify_ticket(261)
 ads_secrets_verify_ticket: enc type [1] failed to decrypt with error 
Decrypt integrity check failed
[2006/11/30 12:42:15, 3] 
libads/kerberos_verify.c:ads_secrets_verify_ticket(261)
 ads_secrets_verify_ticket: enc type [3] failed to decrypt with error 
Decrypt integrity check failed
[2006/11/30 12:42:15, 3] smbd/sesssetup.c:reply_spnego_kerberos(207)
 Ticket name is [Administrator at APMC.LOCAL]
... 

my smb.conf:
>>>>
[global]
  workgroup = APMC
realm = APMC.LOCAL
  server string = %h server (Samba, Ubuntu)
  dns proxy = no 

interfaces = 127.0.0.1/255.0.0.0 192.168.0.0/255.255.255.0 
10.1.0.0/255.255.0.0 10.101.0.0/255.255.0.0 

hosts allow = 10.1. 127.  192.168.0. 192.168.1. 10.101. 

  log file = /var/log/samba/log.%m
  max log size = 1000
  syslog = 0
  panic action = /usr/share/samba/panic-action %d
use kerberos keytab = no
security = ADS
  encrypt passwords = true
password server = pdc.apmc.local
  passdb backend = tdbsam 

  obey pam restrictions = yes
  invalid users = root 

  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
  load printers = no
  socket options = TCP_NODELAY
idmap uid = 10000-20000
  idmap gid = 10000-20000 

[bks$]
browseable = yes
path = /bks
public = yes
writable = yes
write list = root, @'APMC\domain users' 

<<<< 

My krb5.conf
>>>>>
[logging]
default = FILE:/var/log/krb5/libs.log
kdc = FILE:/var/log/krb5/kdc.log
admin_server = FILE:/var/log/krb5/admin.log 

[libdefaults]
       default_realm = APMC.LOCAL
default_etypes = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5 

[domain_realms]
.apmc.local = APMC.LOCAL
apmc.local = APMC.LOCAL 

[realms]
APMC.LOCAL = {
        kdc = pdc.apmc.local
       admin_server = pdc.apmc.local
       default_domain = apmc.local
} 

<<<<< 


I have also tried samba package from ubuntu dapper distri and MIT krb5 but 
with the same rezult. 

Thank you. 



-------------------------------------------------------------
This mail was scanned by BitDefender
For more informations please visit http://www.bitdefender.com


-------------------------------------------------------------

More information about the samba mailing list