[Samba] Performance Problem / failed to verify PAC server signature

Gerald (Jerry) Carter jerry at samba.org
Wed Aug 29 16:54:07 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ying,

>   ads_secrets_verify_ticket: enc type [3] decrypted message !
> ......
>     smb_krb5_verify_checksum: krb5_c_verify_checksum() failed: Bad
> encryption type
>     check_pac_checksum: PAC Verification failed: Bad encryption type
...
> I'm wondering whether it's an abnormal behavior, or there 
> is a specific fix to improve performance. Could somebody look
> at this and help me out?

It looks like you have the DES only bit set of the machine
trust account.  I have this vague memory of the PAC checksum
always being signed using RC4-HMAC.  Do you Krb5 libs support
that enc type?  It doesn't appear that they do based on your
logs.  Or maybe the support was just not detected when Samba
was compiled.




cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG1aSvIR7qMdg1EfYRAqzCAJ99vPBHlp4GyOaXvJvwnPFgcfl6bgCgrNOC
fXyRZWLFJkSZzurWhcKqrtA=
=rFSK
-----END PGP SIGNATURE-----


More information about the samba mailing list