[Samba] Samba Authentication With Kerberos

Fabian von Romberg fromberg100 at hotmail.com
Mon Jan 28 10:22:51 MST 2013

Hi Andrew,

it is Samba 4 and the server role is active directory domain controller.

Thanks and regards,

On 28/01/2013 9:32, Andrew Bartlett wrote:
> On Sun, 2013-01-27 at 11:48 -0500, Fabian von Romberg wrote:
>> Hi All,
>> Im thrying to setup a server with Samba4 with Kerberos. When I want to see list all shares with smbclient with samba authentication, everything works fine. But when I try to authenticate using Kerberos, I get and error.
> To be clear, is this Samba 4.0 as an AD DC, or as a member server in
> another AD domain?
>> The command I execute is:
>> smbclient -L localhost -k
>> The error message from Samba is:
>> using SPNEGO
>> Selected protocol [8][NT LANMAN 1.0]
>> GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Decrypt integrity check failed for checksum type hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96
> smbclient should never do kerberos to "localhost" because we can never
> know which "localhost" that is.  If you have somehow registered a
> 'localhost' as a servicePrincipalName, then this is likely the cause of
> the issue.  (This error indicates that the key you got from the KDC is
> not the key that the server has in it's secrets database/keytab.)
> Andrew Bartlett

More information about the samba mailing list